77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe
Size

468KB
MD5

1d90cbad088b9ad40863fdad2695178f
SHA1

276b889c66faa5c2a8b6ae983f905a0676a504ac
SHA256

77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de
SHA512

862d31ea3ecd7f24dbcccc2fd6180a4e5c7d8033a458e29795d3fa4a2677897969ce8b06be55d2e7bf50e1daa2b2b045bcb53c93a5e85fc98683d487542e3885
SSDEEP

3072:KbCKog/nI95UtFYiEAtjcf8/qCMACzgpacDHeGVfYoLI8mHDukwl/:KbzoJ7UtbEsjcfvcEFoLZcDuk

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1300	Unicorn-43531.exe
2144	Unicorn-50905.exe
4700	Unicorn-35123.exe
2932	Unicorn-23277.exe
1228	Unicorn-11600.exe
1192	Unicorn-5470.exe
116	Unicorn-61356.exe
756	Unicorn-12560.exe
2812	Unicorn-62316.exe
3520	Unicorn-8476.exe
5000	Unicorn-39203.exe
4584	Unicorn-20820.exe
888	Unicorn-43.exe
1308	Unicorn-45980.exe
2436	Unicorn-8201.exe
2816	Unicorn-7646.exe
4484	Unicorn-32705.exe
4468	Unicorn-34673.exe
1712	Unicorn-60553.exe
2464	Unicorn-61315.exe
4620	Unicorn-40895.exe
4128	Unicorn-34764.exe
4104	Unicorn-44979.exe
4852	Unicorn-10068.exe
3084	Unicorn-61870.exe
1140	Unicorn-15933.exe
3236	Unicorn-16199.exe
3460	Unicorn-16199.exe
2848	Unicorn-35227.exe
1980	Unicorn-57807.exe
3712	Unicorn-55761.exe
5112	Unicorn-10744.exe
788	Unicorn-56416.exe
2228	Unicorn-64605.exe
3512	Unicorn-46223.exe
4860	Unicorn-17351.exe
3104	Unicorn-28787.exe
4284	Unicorn-7428.exe
3948	Unicorn-17735.exe
3764	Unicorn-1953.exe
880	Unicorn-5290.exe
3276	Unicorn-50962.exe
3528	Unicorn-19415.exe
4232	Unicorn-19681.exe
4752	Unicorn-3920.exe
1944	Unicorn-9181.exe
4480	Unicorn-59243.exe
5080	Unicorn-65373.exe
1088	Unicorn-65373.exe
4264	Unicorn-53121.exe
1436	Unicorn-5296.exe
2152	Unicorn-1782.exe
4816	Unicorn-8096.exe
1404	Unicorn-51538.exe
940	Unicorn-32509.exe
4124	Unicorn-20257.exe
2820	Unicorn-31117.exe
2444	Unicorn-31117.exe
4292	Unicorn-54802.exe
5036	Unicorn-8196.exe
4724	Unicorn-53048.exe
4952	Unicorn-53313.exe
4820	Unicorn-57397.exe
1740	Unicorn-57397.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
10636	8468	WerFault.exe	405
17344	14984	WerFault.exe	785
3912	16396	WerFault.exe	811
15520	7596	Process not Found	323
2580	13912	Process not Found	1212

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60328.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4708	dwm.exe
Token: SeChangeNotifyPrivilege	4708	dwm.exe
Token: 33	4708	dwm.exe
Token: SeIncBasePriorityPrivilege	4708	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe
1300	Unicorn-43531.exe
4700	Unicorn-35123.exe
2144	Unicorn-50905.exe
1228	Unicorn-11600.exe
1192	Unicorn-5470.exe
116	Unicorn-61356.exe
2932	Unicorn-23277.exe
756	Unicorn-12560.exe
888	Unicorn-43.exe
1308	Unicorn-45980.exe
2812	Unicorn-62316.exe
3520	Unicorn-8476.exe
5000	Unicorn-39203.exe
4584	Unicorn-20820.exe
2436	Unicorn-8201.exe
2816	Unicorn-7646.exe
4484	Unicorn-32705.exe
4468	Unicorn-34673.exe
1712	Unicorn-60553.exe
2464	Unicorn-61315.exe
4620	Unicorn-40895.exe
4128	Unicorn-34764.exe
1140	Unicorn-15933.exe
4104	Unicorn-44979.exe
3460	Unicorn-16199.exe
3236	Unicorn-16199.exe
2848	Unicorn-35227.exe
4852	Unicorn-10068.exe
3084	Unicorn-61870.exe
3712	Unicorn-55761.exe
788	Unicorn-56416.exe
5112	Unicorn-10744.exe
1980	Unicorn-57807.exe
2228	Unicorn-64605.exe
3512	Unicorn-46223.exe
4860	Unicorn-17351.exe
3104	Unicorn-28787.exe
4284	Unicorn-7428.exe
3948	Unicorn-17735.exe
3764	Unicorn-1953.exe
3276	Unicorn-50962.exe
880	Unicorn-5290.exe
4232	Unicorn-19681.exe
3528	Unicorn-19415.exe
1944	Unicorn-9181.exe
4480	Unicorn-59243.exe
5080	Unicorn-65373.exe
4264	Unicorn-53121.exe
1088	Unicorn-65373.exe
4752	Unicorn-3920.exe
1436	Unicorn-5296.exe
940	Unicorn-32509.exe
1404	Unicorn-51538.exe
2152	Unicorn-1782.exe
4124	Unicorn-20257.exe
4816	Unicorn-8096.exe
2820	Unicorn-31117.exe
2444	Unicorn-31117.exe
4292	Unicorn-54802.exe
4960	Unicorn-20449.exe
5036	Unicorn-8196.exe
4724	Unicorn-53048.exe
1740	Unicorn-57397.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1300	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	85
PID 2380 wrote to memory of 1300	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	85
PID 2380 wrote to memory of 1300	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	85
PID 1300 wrote to memory of 2144	1300	Unicorn-43531.exe	88
PID 1300 wrote to memory of 2144	1300	Unicorn-43531.exe	88
PID 1300 wrote to memory of 2144	1300	Unicorn-43531.exe	88
PID 2380 wrote to memory of 4700	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	89
PID 2380 wrote to memory of 4700	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	89
PID 2380 wrote to memory of 4700	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	89
PID 4700 wrote to memory of 2932	4700	Unicorn-35123.exe	92
PID 4700 wrote to memory of 2932	4700	Unicorn-35123.exe	92
PID 4700 wrote to memory of 2932	4700	Unicorn-35123.exe	92
PID 2144 wrote to memory of 1228	2144	Unicorn-50905.exe	93
PID 2144 wrote to memory of 1228	2144	Unicorn-50905.exe	93
PID 2144 wrote to memory of 1228	2144	Unicorn-50905.exe	93
PID 2380 wrote to memory of 1192	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	94
PID 2380 wrote to memory of 1192	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	94
PID 2380 wrote to memory of 1192	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	94
PID 1300 wrote to memory of 116	1300	Unicorn-43531.exe	95
PID 1300 wrote to memory of 116	1300	Unicorn-43531.exe	95
PID 1300 wrote to memory of 116	1300	Unicorn-43531.exe	95
PID 1228 wrote to memory of 756	1228	Unicorn-11600.exe	96
PID 1228 wrote to memory of 756	1228	Unicorn-11600.exe	96
PID 1228 wrote to memory of 756	1228	Unicorn-11600.exe	96
PID 2144 wrote to memory of 2812	2144	Unicorn-50905.exe	97
PID 2144 wrote to memory of 2812	2144	Unicorn-50905.exe	97
PID 2144 wrote to memory of 2812	2144	Unicorn-50905.exe	97
PID 1192 wrote to memory of 3520	1192	Unicorn-5470.exe	98
PID 1192 wrote to memory of 3520	1192	Unicorn-5470.exe	98
PID 1192 wrote to memory of 3520	1192	Unicorn-5470.exe	98
PID 116 wrote to memory of 5000	116	Unicorn-61356.exe	99
PID 116 wrote to memory of 5000	116	Unicorn-61356.exe	99
PID 116 wrote to memory of 5000	116	Unicorn-61356.exe	99
PID 1300 wrote to memory of 4584	1300	Unicorn-43531.exe	100
PID 1300 wrote to memory of 4584	1300	Unicorn-43531.exe	100
PID 1300 wrote to memory of 4584	1300	Unicorn-43531.exe	100
PID 2380 wrote to memory of 888	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	101
PID 2380 wrote to memory of 888	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	101
PID 2380 wrote to memory of 888	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	101
PID 4700 wrote to memory of 1308	4700	Unicorn-35123.exe	102
PID 4700 wrote to memory of 1308	4700	Unicorn-35123.exe	102
PID 4700 wrote to memory of 1308	4700	Unicorn-35123.exe	102
PID 2932 wrote to memory of 2436	2932	Unicorn-23277.exe	103
PID 2932 wrote to memory of 2436	2932	Unicorn-23277.exe	103
PID 2932 wrote to memory of 2436	2932	Unicorn-23277.exe	103
PID 756 wrote to memory of 2816	756	Unicorn-12560.exe	104
PID 756 wrote to memory of 2816	756	Unicorn-12560.exe	104
PID 756 wrote to memory of 2816	756	Unicorn-12560.exe	104
PID 1228 wrote to memory of 4484	1228	Unicorn-11600.exe	105
PID 1228 wrote to memory of 4484	1228	Unicorn-11600.exe	105
PID 1228 wrote to memory of 4484	1228	Unicorn-11600.exe	105
PID 888 wrote to memory of 4468	888	Unicorn-43.exe	106
PID 888 wrote to memory of 4468	888	Unicorn-43.exe	106
PID 888 wrote to memory of 4468	888	Unicorn-43.exe	106
PID 2380 wrote to memory of 1712	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	107
PID 2380 wrote to memory of 1712	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	107
PID 2380 wrote to memory of 1712	2380	77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe	107
PID 1308 wrote to memory of 2464	1308	Unicorn-45980.exe	108
PID 1308 wrote to memory of 2464	1308	Unicorn-45980.exe	108
PID 1308 wrote to memory of 2464	1308	Unicorn-45980.exe	108
PID 5000 wrote to memory of 4620	5000	Unicorn-39203.exe	109
PID 5000 wrote to memory of 4620	5000	Unicorn-39203.exe	109
PID 5000 wrote to memory of 4620	5000	Unicorn-39203.exe	109
PID 4700 wrote to memory of 4128	4700	Unicorn-35123.exe	110

C:\Users\Admin\AppData\Local\Temp\77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe
"C:\Users\Admin\AppData\Local\Temp\77cc3eadac8b70a37a2bd705793535cd6d32de338c3f68684ccb25334fe393de.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12560.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        8⤵
        Executes dropped EXE
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6032.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
        10⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        10⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        9⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        9⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
        9⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        9⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        9⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        9⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        9⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
        9⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        8⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
        8⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        8⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        7⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        9⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        9⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
        8⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
        8⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
        8⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
        8⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
        8⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26894.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        8⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
        8⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
        8⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20829.exe
        7⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
        7⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe
        10⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        9⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        9⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7728.exe
        9⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        8⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
        8⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        8⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        8⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        7⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        7⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26570.exe
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        8⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        8⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34214.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        7⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
        7⤵
        
        PID:15928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        7⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        7⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        7⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24334.exe
        6⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52959.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
        9⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        10⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        10⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        10⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        9⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
        9⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        8⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        8⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
        8⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38267.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34790.exe
        7⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 464
        8⤵
        Program crash
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
        7⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        7⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        9⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        9⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        9⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        8⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        8⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        7⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        7⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11198.exe
        7⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38034.exe
        8⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
        7⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51079.exe
        7⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        6⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        6⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        9⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        9⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        8⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        7⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
        7⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        7⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exe
        7⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        6⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        7⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35776.exe
        6⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        6⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        5⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
        8⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        7⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        6⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        6⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        6⤵
        
        PID:508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        6⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24801.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        5⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        5⤵
        
        PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        8⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        8⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        8⤵
        
        PID:16396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16396 -s 444
        9⤵
        Program crash
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
        7⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56315.exe
        7⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        7⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        7⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
        7⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        6⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
        6⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43792.exe
        6⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        8⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        8⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        7⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        7⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        7⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        7⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        7⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        7⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        6⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        5⤵
        
        PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
        7⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        6⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        6⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21630.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
        6⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
        5⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe
        5⤵
        
        PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54802.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        7⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
        7⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        6⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        5⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        5⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13297.exe
        5⤵
        
        PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        5⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
      4⤵
      PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
      4⤵
      PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
      4⤵
      PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe
      4⤵
      PID:9860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39203.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40895.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
        9⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
        9⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        9⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        9⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        8⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        8⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        8⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        8⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
        8⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49896.exe
        8⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63685.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        7⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        7⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
        6⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        9⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
        9⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
        9⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18692.exe
        9⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        8⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        8⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
        8⤵
        
        PID:17152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        7⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        7⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        7⤵
        
        PID:16936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        7⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe
        6⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe
        6⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        8⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        8⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        7⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        7⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        7⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        7⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        6⤵
        
        PID:12800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
        5⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        7⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe
        7⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        6⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
        6⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62498.exe
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        6⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36695.exe
        6⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        5⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        6⤵
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        6⤵
        
        PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        5⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
        5⤵
        
        PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61870.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
        8⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        8⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
        8⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        7⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        7⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        7⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        7⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        6⤵
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
        6⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        7⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        6⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        6⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        6⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
        5⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        7⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        7⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        6⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        6⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38334.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2336.exe
        5⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        5⤵
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        5⤵
        
        PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        5⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14866.exe
        5⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
      4⤵
      PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
      4⤵
      PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
      4⤵
      PID:7396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64340.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        8⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        7⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10550.exe
        7⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        6⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        6⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        6⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
        6⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        5⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        5⤵
        
        PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        8⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        8⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        8⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        7⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
        7⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
        7⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        6⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        6⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        6⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        6⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63134.exe
        5⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        5⤵
        
        PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        5⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        5⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        5⤵
        
        PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      4⤵
      PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
      4⤵
      PID:7908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        7⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        7⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
        6⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        6⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        6⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        6⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
        6⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        5⤵
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe
        5⤵
        
        PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
      4⤵
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46235.exe
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        6⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        6⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        5⤵
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        5⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        5⤵
        
        PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32704.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        5⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24244.exe
        5⤵
        
        PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63519.exe
      4⤵
      PID:10540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
      4⤵
      PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
      4⤵
      PID:9552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
      4⤵
      PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        5⤵
        
        PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
      4⤵
      PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
      4⤵
      PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
    3⤵
    PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        5⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        5⤵
        
        PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
      4⤵
      PID:10496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
      4⤵
      PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
      4⤵
      PID:6136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
    3⤵
    PID:7900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
    3⤵
    PID:10604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
    3⤵
    PID:15228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
    3⤵
    PID:5404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        6⤵
        Executes dropped EXE
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
        8⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
        8⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        8⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15464.exe
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        8⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        7⤵
        
        PID:16208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        7⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
        7⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        6⤵
        
        PID:16684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        6⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        5⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        7⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        7⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
        6⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        6⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        6⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5653.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        5⤵
        
        PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24637.exe
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        7⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        7⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        7⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        6⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        6⤵
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16617.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
        7⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
        6⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        6⤵
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        5⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        5⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        5⤵
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        7⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23010.exe
        6⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        6⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        6⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64291.exe
        5⤵
        
        PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        5⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        5⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
        5⤵
        
        PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
      4⤵
      PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
      4⤵
      PID:14716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
      4⤵
      PID:7440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
        6⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
        8⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
        8⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        8⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        8⤵
        
        PID:17032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        7⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
        7⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        7⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        6⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64291.exe
        6⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        5⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe
        7⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
        7⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        7⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        6⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        6⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
        6⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62123.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        5⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        5⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
        5⤵
        
        PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
        7⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
        6⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        6⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        6⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        6⤵
        
        PID:16940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        5⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        5⤵
        
        PID:12740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
      4⤵
      PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        6⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
        6⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        5⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        5⤵
        
        PID:12684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
      4⤵
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34659.exe
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        5⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
        5⤵
        
        PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
      4⤵
      PID:9472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31773.exe
      4⤵
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
      4⤵
      PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
      4⤵
      PID:16988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
      4⤵
      PID:11376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
        5⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        7⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51240.exe
        7⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        7⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        6⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28315.exe
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        6⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8988.exe
        6⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        6⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        7⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        7⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        6⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        6⤵
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
        5⤵
        
        PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
      4⤵
      PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
      4⤵
      PID:17308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
      4⤵
      PID:9716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
      4⤵
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        6⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41291.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        6⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
        6⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        5⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        5⤵
        
        PID:16404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
        5⤵
        
        PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
        5⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19501.exe
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
      4⤵
      PID:5552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
    3⤵
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
      4⤵
      PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
      4⤵
      PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
      4⤵
      PID:14476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
      4⤵
      PID:4872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
    3⤵
    PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
      4⤵
      PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63233.exe
      4⤵
      PID:5320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
    3⤵
    PID:9396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
    3⤵
    PID:12708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
    3⤵
    PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
    3⤵
    PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
    3⤵
    PID:7792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        6⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
        8⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
        8⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42749.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        7⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
        7⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38141.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51955.exe
        7⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
        7⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        6⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        6⤵
        
        PID:14340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8683.exe
        6⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        5⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33526.exe
        5⤵
        
        PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57343.exe
        7⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44468.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        6⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        5⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        5⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        5⤵
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe
        5⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        5⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
        5⤵
        
        PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      4⤵
      PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        5⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61483.exe
        5⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        5⤵
        
        PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
      4⤵
      PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
      4⤵
      PID:11940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        5⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        5⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        5⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
        5⤵
        
        PID:100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33555.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        5⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        5⤵
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
      4⤵
      PID:13848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
      4⤵
      PID:3532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        6⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        5⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        5⤵
        
        PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
      4⤵
      PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
      4⤵
      PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
      4⤵
      PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
      4⤵
      PID:6332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
    3⤵
    PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
      4⤵
      PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
      4⤵
      PID:5564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
    3⤵
    PID:8980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
    3⤵
    PID:13224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
    3⤵
    PID:17112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
    3⤵
    PID:8136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20449.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        8⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
        8⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        8⤵
        
        PID:14984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14984 -s 464
        9⤵
        Program crash
        
        PID:17344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        7⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        6⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        6⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        6⤵
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
        6⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54854.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        5⤵
        
        PID:16748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
        5⤵
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        6⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        5⤵
        
        PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        5⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        5⤵
        
        PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
      4⤵
      PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
      4⤵
      PID:11736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28787.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52431.exe
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26325.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        6⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        6⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        5⤵
        
        PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
      4⤵
      PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        5⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
        5⤵
        
        PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
      4⤵
      PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
      4⤵
      PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
      4⤵
      PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
      4⤵
      PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
    3⤵
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        5⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51079.exe
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
      4⤵
      PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
      4⤵
      PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
    3⤵
    PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
      4⤵
      PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
      4⤵
      PID:11440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
      4⤵
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
    3⤵
    PID:9044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
    3⤵
    PID:12488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
    3⤵
    PID:15820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59825.exe
    3⤵
    PID:10584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
      4⤵
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49777.exe
        6⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        6⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21665.exe
        5⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
        5⤵
        
        PID:9900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
      4⤵
      PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
      4⤵
      PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
      4⤵
      PID:17076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
      4⤵
      PID:11208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        5⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        5⤵
        
        PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
      4⤵
      PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
      4⤵
      PID:12900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
      4⤵
      PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
      4⤵
      PID:11476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
    3⤵
    PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
      4⤵
      PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
      4⤵
      PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
      4⤵
      PID:9524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
    3⤵
    PID:9948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
    3⤵
    PID:13492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
    3⤵
    PID:6964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9181.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
    3⤵
    PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        5⤵
        
        PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
      4⤵
      PID:9348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
      4⤵
      PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
      4⤵
      PID:17076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
    3⤵
    PID:7540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
    3⤵
    PID:11064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
    3⤵
    PID:14764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16268.exe
    3⤵
    PID:15412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
  2⤵
  PID:5344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
    3⤵
    PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
      4⤵
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
      4⤵
      PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
      4⤵
      PID:11892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
    3⤵
    PID:9380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44468.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
    3⤵
    PID:1008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
  2⤵
  PID:7416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
  2⤵
  PID:10796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
  2⤵
  PID:14400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
  2⤵
  PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 8468 -ip 8468
1⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 14984 -ip 14984
1⤵
PID:17076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 16396 -ip 16396
1⤵
PID:16992

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe

Filesize
468KB

MD5
0ecdb00284ec7ff8dceceb6d38a3a782

SHA1
7a97928cf2ec71470141f6b2e021cd07780db8d4

SHA256
a35cd2967e9f148cf9ef00c988c09168ea3919a9aac1838e0fc10fc5c1fcaac9

SHA512
c0101ed1b1156fc5bd7cffb0326e325fd04c713f3c66f39e49863ad14d4d55bc5203029426f44f3e5fba4ecf2e10d99cf09471acbf7859fdd6fcc672a007ab60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe

Filesize
468KB

MD5
676d697f4dbd4069d36bcfefce9aedc0

SHA1
6fda781c11d094bbc84fdb407f67b0d3f7076bde

SHA256
f947c62e290a842265fa8ed3b90b3e9b8c45fb73907e3b076d7bf32a443329fd

SHA512
a4cb08a1b4dd59bd6f1042c08a278029b1e7c3c3cf409ea38a6e98159bdd918e4fceb86c81ddc96bb702bfdad80058f2bba5f778ce5e862050e9b26d75275a49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe

Filesize
468KB

MD5
af13f8d88760bcb28787daaed1408398

SHA1
9b20ec2d68527e5aa76c20d55c744093989a0180

SHA256
4a04fdc9047e449a3770943ba1a5b0f523e0500600346820bd44e2845ce42153

SHA512
6ca0acdcfca00be7140e5f380280726a702cb39c40899dcd29662436a2cd75a0446a6f3247936e103d61dac95ff8bc42713861bf30497ac27ec21631600ad152

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12560.exe

Filesize
468KB

MD5
e98b69237ce3a08ece17dd4562ed08f1

SHA1
0971104f6547968b9495b77bc23a6dac895292b3

SHA256
d00e0758a459837633a87f368383bff41aa6eac2f3577f58533c7fa98f6d781f

SHA512
2e5778369dc51e0422a6f55eb11e66c5fbe27377458927b3cb15d43b43e78ef6337a4923dd20bad0be8efcc67a88092bd512be4f5eac5cae58a288259b4d557a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe

Filesize
468KB

MD5
369ecfe0fbd42983a47e1b036443386c

SHA1
87474952bf1397f1775f720dc2533305ffd1deb8

SHA256
fd355fc7a8c1ac8a69e8933c3c9b91d57a7341c05ccc33ed22edd60353297ccb

SHA512
8e4a84f2b4d07e749571b0b119153b522da4d6db78f957f05df11679a3bb61cc27f19d9b4f6fc000b8990c8f34d11ea1a8e44fd8168fc3227c058d78063bc7d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe

Filesize
468KB

MD5
533f565fcd730c3a5bb90cbd7c3c1f51

SHA1
1513e39019a67de7c974f12eccaeee7ca1bf7a68

SHA256
0f5d0ba1ddf785f8666929bab98fb9ca5a742e9f5e81f95f62db2619f529c3f0

SHA512
6411aa3d024c57256d5067081c7c8c8bad5293320cf3ed48e10c32b32d4d9764bfa7a2ea85cb8565aa457d2f5f8e52e2ad00c1684569ae73656fae4773bbe632

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe

Filesize
468KB

MD5
bfb813767c3aacb61bc0f7b0d889cb9b

SHA1
9c5f54b5600e341d9c6a02b6a2203a53e70a8f2e

SHA256
63fa022aa1a59bec3ce6d82285c8ea08d68dd77aeb36ff6df6f5ccafd07fb955

SHA512
5a4519b35159b6fb19ba904d134ff7881158205c13a6e189d3f62d489f2db4bf362bba576b8c003caf22c01626583eee694c3de127fc4dfe9b9604e6209cf037

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe

Filesize
468KB

MD5
a0d9b5b073effdd065f685fa2566832d

SHA1
0d86c4278d50a9820f91c73e456f69b447e90fbc

SHA256
f04aeabe45156671fb9987df9807b21c0c5674111f197e1a893fc2b6b3b5daa1

SHA512
36a4e9c7c4da2eb97994726b6d37a535890e2e70d1aaec9b164a4fecf2bdbee0926cfacba236f8acae88aa048e7e8f75f7eb8ad0e8af32a19994701ffa576326

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe

Filesize
468KB

MD5
5668345af3923299a12e38972e68834a

SHA1
f8182940892476d9d54d525e50bb2c827dc55662

SHA256
2e61cfc9cc8e980f801e79dc3150cfb4478eac58ac7425398471149248db8ed8

SHA512
099e114a7befb4b40f144abc57bff1e5b15503bc14929f1ebe0532913b6e4512309a13b0141f8e21ebd64658096babed4c650d67fb51225cdd01b8d9255547b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe

Filesize
468KB

MD5
c27512172c56ab3980034af337d70aa6

SHA1
c5a755e1c1a787542bb9565c1d06316f2e78c402

SHA256
39b540081d6f9ca2e601cc340a64795828bae8079dd4ed1039ae2a40610ed53f

SHA512
f76db083c05b9091a9547dbae5b1393a56b22274c39dbf0ea429a9489a2462015b1542196865fd12ae82ef3491771d99c71773ba2abc4b38e5c69c60fd57d016

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe

Filesize
468KB

MD5
2bd3e3859e0c58f0c0333d25b7039d09

SHA1
2e92ecda20b4a99f28031137191ac2ba50d3992b

SHA256
830cd37e8d936a0eb02396a06d91f676e0b6ec81d30aa61a9321835ed001f8e6

SHA512
acd0a511f1fd953c37ab7a2fe5f2a2d0751169b3d8e7f90f9f33f0e15261dd12fb0ca9164188afc2e31706fd75f29f5803473e5d65e4c9f17b15893e6639debb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe

Filesize
468KB

MD5
09bc8ef30ae2fd779bf75d13e16dfec6

SHA1
fed1ca43652ba7ae3a6160a08508b6261a73164d

SHA256
045acc10676061875009fbd08524d15f6bb4bdd40511b674cbe678fc0b453253

SHA512
3c62d16f003f1de87ad952956d885e4543071840725a385ea72364e91f865bf1e41129152879950898b57c632d0fe9c261212d3473cf298efc253017e8ba3270

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe

Filesize
468KB

MD5
e731b5cd74de4eb258f6811c268d8ff2

SHA1
c89be6a26c22ace255d7daa333606ffce8cccdea

SHA256
447acdc92ead42ba006db8666d39ef6351ff7294264ddce3cdfe9d16c2461c24

SHA512
4fd86a41a931e6fa0c593751c36f5a5833c530c9dac79e4bfb7b44bd3e212ba1b9edcf3316928df9c64a57d5b935eb8bfd4fd0ad691c69ffdf5455630e86ef79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39203.exe

Filesize
468KB

MD5
b3cc2b1ad63e3607edd824a69dee78ef

SHA1
5a5711fb18b6ecdc7372059fb51099d1d2a4970d

SHA256
8bb3d0e38b394b519d82b8ae865b5611d06026f9eede5ecc822c807a3e56950d

SHA512
638f7626973f99a337f5397aa5c1e63fcbcdebf2072be92d07c6264eb733502e7c7f5ceb3c614e12795d4fbd81883fb2ea7d42e5baf0237336ea7341e9982a67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40895.exe

Filesize
468KB

MD5
be82c30d069985130f6500b7208abdfb

SHA1
12f03b1b3174e8cbc83caae371c87d0bb0d03353

SHA256
810297fb96b28b5a0ac6730afbf997f92137c3f12cdbda1d20d4754b42d47536

SHA512
b8e68d3724c1003994404cf63e28c4bdc641a84cb51167141651ffa82cf86f7172326c06d769acc34f9454aa1197e6f61762cede625ae633836e7ea7a0f95418

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe

Filesize
468KB

MD5
f0124974ec7c6f9824cc164292e678b3

SHA1
a1174b3d847772b44852aea39b2377ee5c97ca14

SHA256
836bc3b5a1dcfa715182e9885848b64959d75d3e9348626d0764024f9f0b8a56

SHA512
c2bd1b2972bac06baf0d3d37dcafb52a40992624511554586bdfa55e630670aaf1022f36062403ab4cd71c5f81a77a7ecf5447d3ab7dc2439248e2a96d85bf81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe

Filesize
468KB

MD5
215f5d2311639020611d136edb85222d

SHA1
74b5e52ceaea42e3248bd19bad23ac480af67fcb

SHA256
968828853717b398d183fd93b6901bdd6b1ab6412bd94809f0a89c3814b867e6

SHA512
d47c361a47a58afc8b1c6bd4a4c79d475f4df98bc7c278faa3796001bab8f5a026bff263f5cfcfeff98a5f5ccf07d85e589d5a92fca031c3af14b0f09447d22b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe

Filesize
468KB

MD5
145523748edf2c983e859d681f940bf2

SHA1
cb89bae3890d1d9e8c9d4c2779255dd72fe46134

SHA256
973cf3f723112d2d1a38f93a5b0123a2ccf9f038bbddede6710aa71e29bd6be8

SHA512
b8468116944bd88c4e9b04bab36981046e7cc8d26995493daea3dca4a57dc88ac7aeb932a81a5545ccd6e474754e45879d33d2535bbabe213555ab39e1e189e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe

Filesize
468KB

MD5
02c36b7518279354d29165c171c4ecf7

SHA1
774f6f6a61c024960316b6325e4b26384c69a22a

SHA256
1797ed4be7a88cfe53143ba5ba6ecd94978f8718cc4ca907c8feff5f6685d6c0

SHA512
25a8f2c206a7c1e02450aa0819668c335429b19e277c235c9143e326c65aed0e6213188b0dad0dcfe6d486795fc65bb9a1815247736a716dbb1884faae27b98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe

Filesize
468KB

MD5
72fc9fdd5a4bc73379d577e1710b675f

SHA1
f68005da864b3d9d403ad41ec5d71c9ca48c5bf0

SHA256
fad7e9655f5a91d902169e60a87adf46f2c20665f0899e77b0c2da055e726843

SHA512
76363f31518955b7a17e39c69ace1e8f8002d53d2509d3da3dd1cc58cb425949f1fdd3781c2665eebbede5d7ae441fbb6ae9183fed990cff37b39cd65cb89ee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe

Filesize
468KB

MD5
0c4db4235af437a3b095615e4ed81c4c

SHA1
c77f91905e5a34a39a2cc28a3a66b34e2de4711b

SHA256
b674de5689614262b45796b230d4c86d63f6a00e69dd4bc416777b5c46fdcefd

SHA512
d12cf0b3bb9a9bfad300c8f3e2aaf561750f1068295c4c8d8e6ef5e4094807514eb7fb0e51c8c5c8444415f4c5e36cee31c406e0901ad28422e1cce63942da2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe

Filesize
468KB

MD5
b3901e1cfc6f74127ec98a7ad08a556f

SHA1
481712fbc0f91f22fd847ac72cfd7e7af8ebb7c9

SHA256
39e657327407d8d3e6fab919c595e30801bf86eb97df8a53fcd027a01feca970

SHA512
540b903bf7ce5ef0d618adc20bd70b619693af5c8c21950c0dc2d875a1229c8ff6e1fb91da9ef719e8a2c932549250a490f2702612e41201a5e72da42b820790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe

Filesize
468KB

MD5
f539ada3cd6f682855c5095748bcbaad

SHA1
d069f7d4dc0471d4444078028e4839518f3eaacd

SHA256
7366e9276f84b7231b0d833c3aded5cd08bec54b73caeefa9c785d5daabf25ee

SHA512
31c66ccd6a056881922bf060748effb7d611c10b286045b24a4a243cc348d15e624f93dc7f1ac38f9cf30d10d465beb9179aec612092bfe57dc50753a1f4f335

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe

Filesize
468KB

MD5
a68537308758ace4318c534057b15ed3

SHA1
af4f3384f71ae0fdff25355edf4ab887a704e0b8

SHA256
57661dd30750e8584797cd783e99abf306a8a2262d7acf112ac4e3b537e526da

SHA512
3022703dee873685c5a04544be1d019a08289e0ffe981bcb543b78ae3f827bf8d2f13d47c77ead191548271fd0784517f00932a37dea9feaf2733436f347c2f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe

Filesize
468KB

MD5
c3a23a66f25bf9e4de5f5f7728450f1b

SHA1
a0ce1ffb447047b02bf272243a3769eb920305ff

SHA256
0331a4b99f733826eb09aeba9f4db2defc0eb2a5f1a056b52f938341f616a4c8

SHA512
07497d4b62c9444e3880e25c4c08bbff2a3d89177da13e9e55e8c5df5c9d4dbe1466dcd1364dc4f0c1bbdff57e33d611e96e40d92c6f64fbd499aace8caa8172

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe

Filesize
468KB

MD5
15ebc8a6e4be40f6c01524a70ca62206

SHA1
c2750cf841334d774675a4b17af792e7e144fc0a

SHA256
03971e561577deb327430bb3e2e302639d371a8b3e3f70c86fd05210b4cad17b

SHA512
895cf304b9db6b3b32eb70b7352367683e46a3b9763d27715c18a2815d2c53e18a044a0c007b7d4addc1a8c004eef317bd0ece48a5aa29a7547d29567715c633

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe

Filesize
468KB

MD5
8b3a9fa38865a11b2301b9c1dc84c6cb

SHA1
4191ba5d59f7af243903fcab37737350615d0b93

SHA256
bdb204d4e4182b4b15cd42fec4d20ddb3be2dd894b59eb83fa8a253b43fd8e95

SHA512
5dae145a66c6f51d5571893977c59666dc8bc6fab88faaf0ab9eb59aa8e64303bf6902b7e4bb7d60be3019db090c3db64850264d035e6787454c94f4421b42df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61870.exe

Filesize
468KB

MD5
b80f84f4961f96f5038ca190e2badefe

SHA1
4bba03bf4e944e54ee35946afe8ad4c1bd1e04b6

SHA256
9f8a2c8a14d3012104378d6f3fe0bc4d989da1e03f3fb1e2d5d0e5ff67da711b

SHA512
d028628c8cc6535e9718e9016a4d0f0301f89a9e8130a31cd22a470dc155b363bfcf1a3edd580125b15245a2006d66348382e9578d0073e4298636486837df4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe

Filesize
468KB

MD5
7abfc6d34e173cc2339959226a9cb4ec

SHA1
455b61c29d70d52aef09f55a647116bf4c6f5af7

SHA256
1dd3ef795312c3166a2534b1a0f9e10198a111903ac7cfae08e332158d95178a

SHA512
33ad99d80619ef790e04d8c9b1b2b710f7e81a6b2efa335a430b1105413eb4661eb96b929f6780ce50e04e02989f8e2c644efd100f58488d40506ad7140dcb19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe

Filesize
468KB

MD5
de6fcfd1573b5a3c6e1453d69aaa0cdb

SHA1
f959339fda761b6d7cb0c0bb04b4bc4e3dd362a1

SHA256
4e047f06e3d5e8d5e68db4eae3dd420bb692802e91924410babaa78b8b84d450

SHA512
2e92301680020ec08bf044c0283f7999e59435a84ab6e1b1613cf5c2ea64b1090e2d70386ca7c35d9de614b4f6350a9212b3c6699ae427f05d085f1f5c040037

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe

Filesize
468KB

MD5
94c181dd827157c4b6bb7df8020b789a

SHA1
c0a5226f65600d5d68eec0df11764f9bb4595db3

SHA256
6208be437366397a6a75327da251ab927cd212a0a753f9b0d7e9a49df366ecb9

SHA512
ab0aad306db82ad56d8ef75bc3470a6ba26a54c6fbcab05fde2cff0d1391ee3c0c98136aa1927e8ed19c95ffdd6226cbe504e4c9d393a106265667d332fb5a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe

Filesize
468KB

MD5
8cd2f8362efae68a801217929b9c3251

SHA1
18174b68c1eb2cab796935bba4da9c4790ba28c5

SHA256
9f4cceae8929120eff71a8abde6099549b8d47926ce847cc37c25134280347f1

SHA512
e7b2ff70877fd340ed9b92b82ae35864b2e8a3251dcad8c97c250eced09a17f45ee19dc6ab2c3f063a67ce889f499bd92e272122b834355ffdfa63d011dccb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe

Filesize
468KB

MD5
90a9a833908c5e9b37f2d45617507cf3

SHA1
ae4aaac4744d660beeba897abc82aad6d58ff967

SHA256
c15d9901ecff1d696d19f6accfe3340238a90fea86086a5ce629935a2a22dbf0

SHA512
7f4463f8a62e2b0aed759d4c124a9b60255cb20ad2ffa0a1a531836f8c6f4085eda18da842fc5214ce6e593a330db5dab3bc44972ed1eb82775ae42d6a644850

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads