2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe
Size

468KB
MD5

64657d20db8f58a566436b7a5aaa5361
SHA1

26c750d370ab221de9df1de8b95dc2c5891862b0
SHA256

2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4
SHA512

7dc3e841d7bf9456e9f14a38a5fb32e33cffa8e15f06e0f22c6740fdeeec620f0b4c5498b20ac5ba378271d7eca62182011ecebcb25af3f9b2dc898275dd9d4b
SSDEEP

3072:vnC6ov2uU35/MbYsPgt5wf8/E5ilLVXnlmHd8SjodvugofHuM7lp:vnbooJ/MfPM5wfY1MYdvD2HuM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3536	Unicorn-4532.exe
116	Unicorn-40495.exe
2524	Unicorn-24713.exe
1176	Unicorn-21767.exe
996	Unicorn-21767.exe
4916	Unicorn-50447.exe
3556	Unicorn-36711.exe
1316	Unicorn-26811.exe
5116	Unicorn-29503.exe
4520	Unicorn-18643.exe
4632	Unicorn-30895.exe
4344	Unicorn-24764.exe
4460	Unicorn-39063.exe
2520	Unicorn-30630.exe
3284	Unicorn-11029.exe
3468	Unicorn-51097.exe
4004	Unicorn-55736.exe
1068	Unicorn-32623.exe
4492	Unicorn-50997.exe
3252	Unicorn-59073.exe
1416	Unicorn-20179.exe
4800	Unicorn-19913.exe
1772	Unicorn-51460.exe
3716	Unicorn-37069.exe
5072	Unicorn-5788.exe
1972	Unicorn-17278.exe
392	Unicorn-6343.exe
1744	Unicorn-24162.exe
4252	Unicorn-11024.exe
3776	Unicorn-38221.exe
3304	Unicorn-38221.exe
2908	Unicorn-38221.exe
4500	Unicorn-46390.exe
4776	Unicorn-54579.exe
428	Unicorn-44273.exe
3184	Unicorn-34058.exe
2904	Unicorn-44828.exe
1440	Unicorn-7324.exe
5104	Unicorn-31829.exe
5112	Unicorn-54387.exe
1728	Unicorn-43816.exe
3552	Unicorn-46774.exe
2712	Unicorn-1102.exe
2940	Unicorn-4921.exe
3828	Unicorn-52255.exe
4840	Unicorn-61185.exe
2600	Unicorn-2425.exe
3120	Unicorn-34543.exe
1700	Unicorn-7900.exe
3832	Unicorn-7900.exe
4568	Unicorn-7900.exe
4132	Unicorn-31013.exe
1360	Unicorn-50879.exe
4448	Unicorn-29497.exe
3348	Unicorn-48833.exe
3240	Unicorn-18106.exe
4420	Unicorn-3716.exe
3232	Unicorn-24429.exe
2472	Unicorn-16815.exe
980	Unicorn-29089.exe
4552	Unicorn-10614.exe
2388	Unicorn-8568.exe
220	Unicorn-14698.exe
768	Unicorn-35211.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
5836	980	WerFault.exe	153
6124	768	WerFault.exe	157
6636	5336	WerFault.exe	183
7512	5924	WerFault.exe	207
11704	7020	WerFault.exe	269

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18374.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1888	dwm.exe
Token: SeChangeNotifyPrivilege	1888	dwm.exe
Token: 33	1888	dwm.exe
Token: SeIncBasePriorityPrivilege	1888	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe
3536	Unicorn-4532.exe
2524	Unicorn-24713.exe
116	Unicorn-40495.exe
996	Unicorn-21767.exe
4916	Unicorn-50447.exe
3556	Unicorn-36711.exe
1176	Unicorn-21767.exe
1316	Unicorn-26811.exe
5116	Unicorn-29503.exe
4632	Unicorn-30895.exe
4344	Unicorn-24764.exe
4460	Unicorn-39063.exe
3284	Unicorn-11029.exe
4520	Unicorn-18643.exe
2520	Unicorn-30630.exe
3468	Unicorn-51097.exe
4004	Unicorn-55736.exe
1068	Unicorn-32623.exe
4492	Unicorn-50997.exe
3252	Unicorn-59073.exe
1416	Unicorn-20179.exe
4800	Unicorn-19913.exe
1744	Unicorn-24162.exe
5072	Unicorn-5788.exe
3716	Unicorn-37069.exe
392	Unicorn-6343.exe
1972	Unicorn-17278.exe
4252	Unicorn-11024.exe
2908	Unicorn-38221.exe
3776	Unicorn-38221.exe
3304	Unicorn-38221.exe
4500	Unicorn-46390.exe
428	Unicorn-44273.exe
4776	Unicorn-54579.exe
2904	Unicorn-44828.exe
3184	Unicorn-34058.exe
1440	Unicorn-7324.exe
5104	Unicorn-31829.exe
3552	Unicorn-46774.exe
1728	Unicorn-43816.exe
2940	Unicorn-4921.exe
5112	Unicorn-54387.exe
2712	Unicorn-1102.exe
4840	Unicorn-61185.exe
3828	Unicorn-52255.exe
2600	Unicorn-2425.exe
3120	Unicorn-34543.exe
4420	Unicorn-3716.exe
1700	Unicorn-7900.exe
4132	Unicorn-31013.exe
3832	Unicorn-7900.exe
4448	Unicorn-29497.exe
4568	Unicorn-7900.exe
1360	Unicorn-50879.exe
3240	Unicorn-18106.exe
3348	Unicorn-48833.exe
3232	Unicorn-24429.exe
2472	Unicorn-16815.exe
980	Unicorn-29089.exe
4552	Unicorn-10614.exe
2388	Unicorn-8568.exe
220	Unicorn-14698.exe
4452	Unicorn-26951.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 3536	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	91
PID 2952 wrote to memory of 3536	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	91
PID 2952 wrote to memory of 3536	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	91
PID 3536 wrote to memory of 116	3536	Unicorn-4532.exe	93
PID 3536 wrote to memory of 116	3536	Unicorn-4532.exe	93
PID 3536 wrote to memory of 116	3536	Unicorn-4532.exe	93
PID 2952 wrote to memory of 2524	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	94
PID 2952 wrote to memory of 2524	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	94
PID 2952 wrote to memory of 2524	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	94
PID 116 wrote to memory of 1176	116	Unicorn-40495.exe	96
PID 116 wrote to memory of 1176	116	Unicorn-40495.exe	96
PID 116 wrote to memory of 1176	116	Unicorn-40495.exe	96
PID 2524 wrote to memory of 996	2524	Unicorn-24713.exe	97
PID 2524 wrote to memory of 996	2524	Unicorn-24713.exe	97
PID 2524 wrote to memory of 996	2524	Unicorn-24713.exe	97
PID 2952 wrote to memory of 4916	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	98
PID 2952 wrote to memory of 4916	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	98
PID 2952 wrote to memory of 4916	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	98
PID 3536 wrote to memory of 3556	3536	Unicorn-4532.exe	99
PID 3536 wrote to memory of 3556	3536	Unicorn-4532.exe	99
PID 3536 wrote to memory of 3556	3536	Unicorn-4532.exe	99
PID 996 wrote to memory of 1316	996	Unicorn-21767.exe	101
PID 996 wrote to memory of 1316	996	Unicorn-21767.exe	101
PID 996 wrote to memory of 1316	996	Unicorn-21767.exe	101
PID 2524 wrote to memory of 5116	2524	Unicorn-24713.exe	102
PID 2524 wrote to memory of 5116	2524	Unicorn-24713.exe	102
PID 2524 wrote to memory of 5116	2524	Unicorn-24713.exe	102
PID 4916 wrote to memory of 4520	4916	Unicorn-50447.exe	103
PID 4916 wrote to memory of 4520	4916	Unicorn-50447.exe	103
PID 4916 wrote to memory of 4520	4916	Unicorn-50447.exe	103
PID 3536 wrote to memory of 4344	3536	Unicorn-4532.exe	104
PID 3536 wrote to memory of 4344	3536	Unicorn-4532.exe	104
PID 3536 wrote to memory of 4344	3536	Unicorn-4532.exe	104
PID 1176 wrote to memory of 4632	1176	Unicorn-21767.exe	105
PID 1176 wrote to memory of 4632	1176	Unicorn-21767.exe	105
PID 1176 wrote to memory of 4632	1176	Unicorn-21767.exe	105
PID 3556 wrote to memory of 4460	3556	Unicorn-36711.exe	106
PID 3556 wrote to memory of 4460	3556	Unicorn-36711.exe	106
PID 3556 wrote to memory of 4460	3556	Unicorn-36711.exe	106
PID 2952 wrote to memory of 2520	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	107
PID 2952 wrote to memory of 2520	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	107
PID 2952 wrote to memory of 2520	2952	2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe	107
PID 116 wrote to memory of 3284	116	Unicorn-40495.exe	108
PID 116 wrote to memory of 3284	116	Unicorn-40495.exe	108
PID 116 wrote to memory of 3284	116	Unicorn-40495.exe	108
PID 1316 wrote to memory of 3468	1316	Unicorn-26811.exe	109
PID 1316 wrote to memory of 3468	1316	Unicorn-26811.exe	109
PID 1316 wrote to memory of 3468	1316	Unicorn-26811.exe	109
PID 996 wrote to memory of 4004	996	Unicorn-21767.exe	110
PID 996 wrote to memory of 4004	996	Unicorn-21767.exe	110
PID 996 wrote to memory of 4004	996	Unicorn-21767.exe	110
PID 5116 wrote to memory of 1068	5116	Unicorn-29503.exe	111
PID 5116 wrote to memory of 1068	5116	Unicorn-29503.exe	111
PID 5116 wrote to memory of 1068	5116	Unicorn-29503.exe	111
PID 2524 wrote to memory of 4492	2524	Unicorn-24713.exe	112
PID 2524 wrote to memory of 4492	2524	Unicorn-24713.exe	112
PID 2524 wrote to memory of 4492	2524	Unicorn-24713.exe	112
PID 4344 wrote to memory of 3252	4344	Unicorn-24764.exe	113
PID 4344 wrote to memory of 3252	4344	Unicorn-24764.exe	113
PID 4344 wrote to memory of 3252	4344	Unicorn-24764.exe	113
PID 3536 wrote to memory of 4800	3536	Unicorn-4532.exe	114
PID 3536 wrote to memory of 4800	3536	Unicorn-4532.exe	114
PID 3536 wrote to memory of 4800	3536	Unicorn-4532.exe	114
PID 4632 wrote to memory of 1416	4632	Unicorn-30895.exe	115

C:\Users\Admin\AppData\Local\Temp\2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe
"C:\Users\Admin\AppData\Local\Temp\2c8df7588cd74207221953d94b1f43d8e17425a9015d278f27d6ddb19f8b98a4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
        8⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56245.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        10⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        10⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        10⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        10⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        9⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        9⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        9⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        8⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57620.exe
        9⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
        9⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28672.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        8⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        8⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        8⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        8⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        9⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1323.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        8⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
        8⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
        8⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
        7⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        7⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        9⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
        9⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        9⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        9⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
        8⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        8⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16801.exe
        8⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        8⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        7⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        7⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        7⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        7⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2166.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
        8⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        8⤵
        
        PID:18376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
        8⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        7⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        7⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        6⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        5⤵
        Executes dropped EXE
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62685.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19297.exe
        8⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
        9⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        9⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        9⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
        9⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        9⤵
        
        PID:17812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        8⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        8⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
        8⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        7⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
        7⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        8⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25889.exe
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        7⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        7⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        6⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        7⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
        7⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        6⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46975.exe
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
        5⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe
        5⤵
        
        PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
        8⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        9⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        9⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        9⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
        8⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        8⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        8⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        8⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57457.exe
        8⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10643.exe
        8⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        7⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        7⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        8⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        7⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62123.exe
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        6⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        5⤵
        Executes dropped EXE
        
        PID:768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 720
        6⤵
        Program crash
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        6⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25197.exe
        6⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        8⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        9⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        9⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        9⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
        8⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        8⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        7⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
        7⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        7⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        7⤵
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        7⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
        6⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
        5⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56245.exe
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe
        7⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        7⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
        6⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        6⤵
        
        PID:13044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
        6⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        5⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        5⤵
        
        PID:32
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
        5⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        6⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        7⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        7⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29824.exe
        7⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        6⤵
        
        PID:17548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
        6⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        6⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56346.exe
        6⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11307.exe
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        5⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        5⤵
        
        PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        6⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
        6⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        5⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        5⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        5⤵
        
        PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
      4⤵
      PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
      4⤵
      PID:16444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58385.exe
        9⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10391.exe
        8⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63003.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26923.exe
        8⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34214.exe
        7⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        7⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        7⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        7⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        7⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        6⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        6⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
        8⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
        8⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        7⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22669.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        6⤵
        
        PID:13192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20593.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        5⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        6⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        6⤵
        
        PID:18332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        5⤵
        
        PID:15600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        5⤵
        
        PID:780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        7⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        7⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        6⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        6⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16561.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8287.exe
        7⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
        7⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        6⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        6⤵
        
        PID:17052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        5⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        5⤵
        
        PID:8504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        7⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
        7⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
        5⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56061.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63316.exe
        6⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        5⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
        5⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
        5⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19347.exe
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53333.exe
      4⤵
      PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
      4⤵
      PID:18420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59073.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        6⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        7⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        7⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        7⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
        7⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3026.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        6⤵
        
        PID:17820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        6⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        7⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        7⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        6⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
        6⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58028.exe
        6⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        5⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        5⤵
        
        PID:16872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        7⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
        7⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        6⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60142.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
        6⤵
        
        PID:18256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32320.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
        5⤵
        
        PID:9328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53533.exe
        6⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        5⤵
        
        PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
      4⤵
      PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
      4⤵
      PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
      4⤵
      PID:5960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        7⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        6⤵
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        5⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        6⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        6⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
        5⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
        5⤵
        
        PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        5⤵
        
        PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22207.exe
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        6⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        6⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5765.exe
        5⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        5⤵
        
        PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        5⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
      4⤵
      PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
      4⤵
      PID:9232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25737.exe
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
        6⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        6⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        6⤵
        
        PID:18384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        5⤵
        
        PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25279.exe
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        5⤵
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        5⤵
        
        PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
      4⤵
      PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
      4⤵
      PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
      4⤵
      PID:7140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41111.exe
    3⤵
    PID:5336
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 480
      4⤵
      Program crash
      PID:6636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
    3⤵
    PID:7020
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 724
      4⤵
      Program crash
      PID:11704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
    3⤵
    PID:9748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
    3⤵
    PID:13364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22411.exe
    3⤵
    PID:17216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65015.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        9⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        10⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
        10⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64250.exe
        10⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        9⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        9⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
        9⤵
        
        PID:18092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
        9⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        8⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
        8⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
        7⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 720
        8⤵
        Program crash
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        8⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        8⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
        8⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
        7⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        8⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
        9⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        9⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        9⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        8⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        8⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
        7⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
        7⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        7⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
        7⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
        8⤵
        
        PID:18104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        7⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        6⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        7⤵
        
        PID:17996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        7⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        6⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        6⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        8⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        8⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        8⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        7⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        7⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        6⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
        5⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        6⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        8⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        8⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        8⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        7⤵
        
        PID:18160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
        7⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
        6⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        6⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        5⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        5⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
        5⤵
        
        PID:17832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4392.exe
        6⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        8⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        9⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32739.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
        9⤵
        
        PID:17840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
        8⤵
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        8⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        7⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        7⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        7⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        6⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        6⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        7⤵
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        6⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63519.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
        6⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        6⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        5⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28011.exe
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        5⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7044.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        7⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        7⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
        7⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        6⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        6⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        5⤵
        
        PID:17160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
        5⤵
        
        PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
      4⤵
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
        7⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        7⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        6⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        6⤵
        
        PID:18072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6192.exe
        6⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        5⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
        5⤵
        
        PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52121.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44852.exe
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
      4⤵
      PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43437.exe
      4⤵
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
      4⤵
      PID:17088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
        6⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        8⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        8⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        8⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        7⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        7⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        7⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        7⤵
        
        PID:18128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        7⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        6⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        6⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29795.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23883.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34982.exe
        6⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        6⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19389.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52047.exe
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        6⤵
        
        PID:17800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        6⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4606.exe
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        5⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
        7⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        6⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64174.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        6⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        5⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        5⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
      4⤵
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        5⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        6⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        5⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        5⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        5⤵
        
        PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        5⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        5⤵
        
        PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
      4⤵
      PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
      4⤵
      PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
      4⤵
      PID:17120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        7⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        7⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        5⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        6⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7430.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        5⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        6⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        6⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        5⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        5⤵
        
        PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12372.exe
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        5⤵
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        5⤵
        
        PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
      4⤵
      PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
      4⤵
      PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
      4⤵
      PID:17592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
      4⤵
      PID:4544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        5⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        5⤵
        
        PID:18000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
      4⤵
      PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21495.exe
        5⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        5⤵
        
        PID:18112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42817.exe
        5⤵
        
        PID:10736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
      4⤵
      PID:11388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-94.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-94.exe
      4⤵
      PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
      4⤵
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        5⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        6⤵
        
        PID:16856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        5⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
        5⤵
        
        PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
      4⤵
      PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        5⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6394.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
      4⤵
      PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
      4⤵
      PID:5308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
    3⤵
    PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
      4⤵
      PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15635.exe
      4⤵
      PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
      4⤵
      PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
      4⤵
      PID:9364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11358.exe
    3⤵
    PID:10140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
    3⤵
    PID:13820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
    3⤵
    PID:16864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 720
        6⤵
        Program crash
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        6⤵
        
        PID:17460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        6⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        5⤵
        
        PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        7⤵
        
        PID:17580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        6⤵
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        6⤵
        
        PID:18144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
        5⤵
        
        PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        5⤵
        
        PID:15208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        5⤵
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
      4⤵
      PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe
        5⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        5⤵
        
        PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
      4⤵
      PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
      4⤵
      PID:15500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37069.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1040.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
        7⤵
        
        PID:17652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        6⤵
        
        PID:16992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        6⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63316.exe
        6⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29921.exe
        5⤵
        
        PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62175.exe
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        6⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
        6⤵
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        5⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
      4⤵
      PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
      4⤵
      PID:11584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
      4⤵
      PID:15380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
        6⤵
        
        PID:17676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
        6⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        5⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
      4⤵
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
      4⤵
      PID:15688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
      4⤵
      PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
    3⤵
    PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
      4⤵
      PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10782.exe
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48613.exe
      4⤵
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
      4⤵
      PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
      4⤵
      PID:17572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53333.exe
    3⤵
    PID:14716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
    3⤵
    PID:6516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49507.exe
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
        6⤵
        
        PID:18356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        6⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        5⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50534.exe
        5⤵
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        5⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe
        6⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58028.exe
        6⤵
        
        PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
      4⤵
      PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
      4⤵
      PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
      4⤵
      PID:5004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31013.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6826.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        6⤵
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
        5⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        5⤵
        
        PID:17456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        5⤵
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53650.exe
      4⤵
      PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
      4⤵
      PID:11548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
      4⤵
      PID:16300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
      4⤵
      PID:7424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
    3⤵
    PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
      4⤵
      PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63003.exe
      4⤵
      PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
      4⤵
      PID:17416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
      4⤵
      PID:9956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe
    3⤵
    PID:7696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
    3⤵
    PID:10996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7871.exe
    3⤵
    PID:15264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
    3⤵
    PID:5968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18781.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        6⤵
        
        PID:17512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42817.exe
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        5⤵
        
        PID:17580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        5⤵
        
        PID:17712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
      4⤵
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
      4⤵
      PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
      4⤵
      PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
      4⤵
      PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62175.exe
    3⤵
    PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
      4⤵
      PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
      4⤵
      PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28011.exe
      4⤵
      PID:17028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
    3⤵
    PID:8252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
    3⤵
    PID:11692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
    3⤵
    PID:15560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
    3⤵
    PID:18292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
        5⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        5⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
        5⤵
        
        PID:17620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
      4⤵
      PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe
      4⤵
      PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
      4⤵
      PID:17664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
    3⤵
    PID:7916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
    3⤵
    PID:5148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
    3⤵
    PID:15324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
    3⤵
    PID:7404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
  2⤵
  PID:5744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
    3⤵
    PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
      4⤵
      PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
      4⤵
      PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
      4⤵
      PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
      4⤵
      PID:17532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
    3⤵
    PID:10084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
    3⤵
    PID:13468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
    3⤵
    PID:17080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
    3⤵
    PID:8756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
  2⤵
  PID:7664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
  2⤵
  PID:10984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
  2⤵
  PID:15300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
  2⤵
  PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 980 -ip 980
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 768 -ip 768
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5336 -ip 5336
1⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5924 -ip 5924
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7020 -ip 7020
1⤵
PID:10908

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe

Filesize
468KB

MD5
68bb326be521fcbf3a1d38646d50eaa4

SHA1
2a31813e3370365674e83b25e35993ed057f0749

SHA256
0834cd542ab4151fcf6d83ffd7208bc73cc015231faf286c6e301959d2ba5e52

SHA512
b6bdf1df25e9ed040e6fb3f4b8c0f3f7384300f5c4c3cffdb917a2b6e6fc471d88e754ccd154279cd680fa2ae15d1c3a61b7e6f46cf4b0e5a655bcfb70038a3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe

Filesize
468KB

MD5
a4cc0ccaad810851173a470269953268

SHA1
ecd8e88cee48a9acb850859e34b216199ecfad55

SHA256
5582b8a7e9cbc1ac20edd91a5964191e0f0269e8b8307e21953e6eea55590143

SHA512
acf9efb5f46f956d192f4fa8a7a927240be546605a419fc8daf7adbf6d43417e9fd2c3832cb8a6bd73a720325de56abc2c1c3b80f93c5619bc1f68e96dbc9d6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe

Filesize
468KB

MD5
0e052aca5fc2197905b02721d410b444

SHA1
b5445b8b86bbe0c30fcab2c054894c559d8a9e1f

SHA256
9bd1815a450c0fb0372bf668c8c114331b5e5fd32afb6481a8aa9ad29e551ef1

SHA512
0231f64e2c5865e4deb0fa4115d4905da6c7350e5db75bbb3a84685cc89e376c448054b9924d13e70bdd4fb65bf9860249a0924fd988e401b9731c7b38ce87b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe

Filesize
468KB

MD5
97390893dc64799ab9a08db6adcc5d09

SHA1
6ecde39fcb854390eb73244a79f860e2ea36e201

SHA256
4e0044e55ed53c639b8b8106532c760ea65fe06e5a1337f226f92288554bd41c

SHA512
7551e8317870f46b9d4fd03dc6ddb77c6020788a826ecdae131619ba21dc7a28053e273ab5ae98f288e0dd4c578a30a3aa8b029c190e02ebccdd033d89f34ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe

Filesize
468KB

MD5
af433ab2d0a4725c916288aeae343e4a

SHA1
669be64f6bac2fa53e9ab48943c42d9e3678f933

SHA256
d5cdc76883ab41eb207c206f1820a4552ed58c337922d31ce15e88fed40a1898

SHA512
44cb6e2b0a93c482149327201be1bb0a9acd6bb05219adfeb9c5db3af1ef7bc23711d48ae8bcc62ee960c26a2c1d9719bbca8d9169d4f04b17ecce7281032c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe

Filesize
468KB

MD5
543a3d000a24fff36b6aa129a2a027c6

SHA1
a169111121437d38b620e9553dcd611cb92fab34

SHA256
bd65411f873d77bee7878540f7690fa9ee4f0bcde27b57ac006880d23c0a7db1

SHA512
5d6fd030b23539ba3dd0424640da75df221be50c02320f7ef3d1ef421c435a4d7e50fd8cd08198ca07c7b453a637a3174936e7ccf28f28a772d05c2b9df335af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe

Filesize
468KB

MD5
54bfb5b66f53614edac845548dc75ba1

SHA1
25fabf04514f7ac4f0a4a586e321db71296b6204

SHA256
ca2c993f58d573d271f631213f753f5459b6236145f734415036a512c4030f0b

SHA512
34e4547ce212a4d52af5a7386b59ee36f5bf47bac167bd9aa4146e0f3e733cb6e5afef1f3088790bdc52bbc54e45a5f96e0ac5f79c4760138887aebb713fc7ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe

Filesize
468KB

MD5
b98d40b15faa97cafe93b257bc0c5809

SHA1
d80ff1b015029d045b9c87ffcc09983bdd9142fd

SHA256
045f5bbac7f1f6d873e6ad06c4bab97566ad8201e0955ed871ca177d778baf35

SHA512
03406b38ebb767a5aba2ef14174bd0e6e5f8fee484c1c58d5c9827ad90c61777548cc8920ed1d550c2a6345dc1e81f3d56c54080a47989e73f4c1a4ab09d484b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe

Filesize
468KB

MD5
5adfffd17f1b93e5c0b5b74b3abd43a4

SHA1
6e71a24173610716c9f9909f277a9b02b6748bb4

SHA256
2b6f3fe6875f93c2cab6baee49257064e929f9673a5f1c3ca257dea48a4cea09

SHA512
c508e8a7e8eb144ba37c186b4b83114b531cc04e55768ac9b82fe75ff3042edf8228158b354fa63a3c1402db8a55f6b456ece49965d610cdc9ed80a3185bf42c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe

Filesize
468KB

MD5
75e89683b742837e5db0c69dcb130885

SHA1
086ec4c7dbdb87ecba948f6a5b275b04de3b087e

SHA256
3eaa57297c516095a94537c2c98977aac8da337e08726b0a9d7304e53d129a53

SHA512
a0f332f96bdb99c95fb3b983b601d80f3049e448c7a2a0fbaacb1b5f7955edced4ec51ba43dbd8c0dbeb9cb81256f40fa9c7017c6fbf56fd4fde3932953db671

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe

Filesize
468KB

MD5
424591c7d2b1aff7206d6f8ce3c0ab97

SHA1
cadcce7d3d96664f09e7e7c40ea19ec010b98916

SHA256
fb54c66e2027e7c4ef87084f64619e9444e98a5bb37a09007435adfe315174f6

SHA512
8f84faf2fa85b84fceb3ed1b11e61b22e0ca3a53b6d7eb5d5f74caff0c205353e3dfa6dfac01605d1307566c2e6d447858372c46ca072eb228d6fb6aa4d7c4d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe

Filesize
468KB

MD5
c1f2cc6da05895d8f38b3c02e01f1288

SHA1
5feb180a1229a1022dfaded0420c53a791a72113

SHA256
0527a90c0005bfc25c73bb0f5c53109fff0097a7960be09bd680bcde5fd6fc07

SHA512
d8d14fd8b8d155034ccc0af310dc77d77aace82a7a95b6dc9a0f6b37062e3149569dc8a523c523b624a5cd6f2eb98c404148c5e1b79ade80c5127968b5d57b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe

Filesize
468KB

MD5
873d22b554d20961a018d1823b831a2d

SHA1
e8cd01add8e411bd720cbdb0728d0d349841eca5

SHA256
2fafd98f7a574d6b6c3312677b0bac385bdffd1c5e4a31a8625c7ed8441b4cbe

SHA512
0bf53ef31b40e2ecc17025b3f677137d2cde464da85304c4286b10a7d2cd01f6f38c5ee4ae2283996187eafdb20d5bfd561511906df1b73203d0a61faa7f0bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe

Filesize
468KB

MD5
0821a15e456546d12cdc9ac477c499e9

SHA1
1766b9dfbabfe73155e5fa8f7297af86df2fd676

SHA256
6319de30073fd83d546e9ae3a8bae676100e32ee340f1a346e3f30a8efaf8758

SHA512
a591833c47cc639b39387c776921dcc5c89b6a0bb819c26d2866b5f1eb0b0afb4356b7111ef45059dedb5f5e0448a0baf1190d5291242ab6df35d2af2f659223

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe

Filesize
468KB

MD5
da9b61cdc72113105162dc7c9618552e

SHA1
cba1ca291c9524689288d2a77b28f7fb2ede9cf7

SHA256
ff03d162698d3097750bf598ff636573f5941a0003d5dcc0052098f54f37afbb

SHA512
2d4807bdd16b7dd32a656cf0e262d60f115d50a519c3775d30e8997abac5530174a70c10d99394b5200ee179eecd1b7424de6e31e7f1b70fbcb2beec1c940c31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe

Filesize
468KB

MD5
22d6cff37addfbfc69354dbde407787b

SHA1
509a2d89ce84f70b72bfe825353d95bf8588a651

SHA256
279f647b0540e8f3739dc8d12620ad333b4a7a654e06c4528f85397c6feaff88

SHA512
52073361734fc73b16d649398c6b0c8bbfcaafa59f7e0d81549efdca244d5d8d9b11b57fc66abe21cb118b281b161cbd111f33d9881a94aa914873f3ca1b5d3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe

Filesize
468KB

MD5
60baad229e603e33bae44767e9c4d1a6

SHA1
06a22b4c6eb68422ddb57b675e61a56418bc1d22

SHA256
b6ade9d4a56ca2023c29e7a379e2e8b9651cd191aaeb6bf82f6327e45ba7a7dd

SHA512
559c04488cf4eb7392cf4a5d635990fd5870d529b1ba10268579776b423d57c82ac114a1b20447299dbc6dac00b8bbb60ba34023581ffda5c4d2125dab225254

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37069.exe

Filesize
468KB

MD5
803b9bfd39814e76015e6e3b61d50b16

SHA1
4e1a6a26957586e377dea1f91027469032b0dad7

SHA256
686e49b2ecdb8e5b6de7ff1f7c832a1446fd751c0ce7375ad1354d7e27c7ad0b

SHA512
a2d9e9b4e093b4af7a9ee16c747e8a81f0b75280b3d5e1d5067a51dd1e0ab37e1f39d7104fcf093f84cc021a8a7f66e0ce3e384ffdc00e48d17a8bd64cc847c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe

Filesize
468KB

MD5
1d735cc63307bfefcebce6e86b58f153

SHA1
73b720e69054376df72dfc260ac2c5f3d4dda1b7

SHA256
6a801dcba08ad9ac2fd984b9e3c6f97ca366fc11480031ed706c008895f643af

SHA512
3a5ff3dc68308c3c08e6a2e941a89bbb3ae0317cfe844dd155b441bb1c4d08dc33ba837c073bd0ed0a9b3624c916478c0528ea13171b94f783364c292a31c7a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe

Filesize
468KB

MD5
75eab781ded7b20ee87c23094edfec8c

SHA1
b9f2195e6906640d8f99eed54e3e1d5eb518ce08

SHA256
71ac71cf246f4102caf02cd202bf32fd04479f5a16ff898bbb151c893146dfe1

SHA512
53b1200dea65dbed071d7bef07d23b4d3fdead23ff6d5d4b9eb8e48ff1fe65e8266f27a15a4eaf46bc7a2bac1c91f41fbccd684ce9e349160d159018b5edbb26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe

Filesize
468KB

MD5
610bf8a39b4d0dc03fc50c9562ae29b6

SHA1
13418532ae98411e19d088b92d36eb6e8c9ef3b9

SHA256
39723770c00511f96dccdca9c6ea78b9b931d1888ee6a5a3f5a8b6201469b366

SHA512
0356f0d5a77050add7f73f199a9831bef1fec5bbf960304b5634a36d429b3631a72e168d65f4266b15ef3e6f6380467d497287aa821a66f36cda549468e6f40e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe

Filesize
468KB

MD5
c6191ba0284a4f37b1da241af9cb99bd

SHA1
4758d6fc56fbc6e47a73cc4b620fb5af65564957

SHA256
839a570419fdd820731bed288233bfe23d186aad8222a51b99a2aaacf78253a3

SHA512
910b9438543910e3027953cb4817e0545e0720dc07621e527c0232c8223ca5045c83c732c6aec52bf24f776d952b824595d1fe2c47033c05b64bdab7ecd2277f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe

Filesize
468KB

MD5
81c1334a6016973cdbf8c8590d82806f

SHA1
11dcfe1909fc5b7ab309c3a5db37d9cd0a48ba81

SHA256
35ba3a30c112db33e65c95290172734ac2f936cf184959114fced261b041220d

SHA512
341dbdf2df48df4a3201d53265fd26b5eb8d0a0b6f0431e93c2cbedad1963a700f05e760fdfc82100939572c5d4ad02b1a782a2a4f2e0b0d472bceebc17960e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe

Filesize
468KB

MD5
2c15affc444a6fbcc6e815aef50d3322

SHA1
8efd58431dc98ba493d98f3b457b4b36c8902899

SHA256
be53398dde1108cf14b5ef4067d43462fdeb97e4cdc4ec5f2561d0aef53767f7

SHA512
850c26b1697813546c66cc79544297d32b75ca17329ba8414e19372432fa3dcc188df38523acdb9321e002aa35b95779f1a42beb9da5165e9e765ddd43c87669

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe

Filesize
468KB

MD5
8a5805cbc0bf8e86118ece645833a2f4

SHA1
901508302c877407b49fdaef52fca9e16d607826

SHA256
e3f9c5a8e77078cdb6d48ebda5bcb72fc6551dacb45291ab4322a157842c8439

SHA512
8a8bbdb4e079a40b81ab68b428e407b0f5a13687e8597b93669bc3f2685feb96ac4fc740a7222b7bccab2cb1e601ee65c5fbcbd1282b4228609a24e3ec707384

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe

Filesize
468KB

MD5
07b06307ee7a3e606725ba91cf2066de

SHA1
493cef4845bcdb2ba842de107e58ba7fb5756c28

SHA256
73bc8deaad17958ec6f3720bf59972d6e677b2d3287a941a75250d8f7990ebcb

SHA512
20e90953121e4a358894c2754d8df840cd30e5e0148cb650ada91268837502ce8ed8ae7c0dc64d7e6cf294e00d54ef1c0b545877102c1f34e812d4e28dabfc86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe

Filesize
468KB

MD5
cfb9fb5d4c54130559f155b1e616d723

SHA1
1f2305de13e2244abd04e922e0f6a2e586daf04e

SHA256
426e1b6af4c66d1a6003585d2053ce5ca00aadb43032054f0777958a8bad1368

SHA512
4d5942d43eae60ddc3f12422d3054acd6d10e9857495a0fa9cd05a0d33baf56c1e63a98fa8643e6a6c19beb1350fd246e8d48fb1e98012882ba66ebdb2e8ddb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe

Filesize
468KB

MD5
bdb8534db6f6a41d2a010caa752a9e7e

SHA1
30f3ec2f00fd491e174c79e4b5246319e8df5552

SHA256
ca26949ff555f340dc284d57ef3739bc5a86caf0e19782968da4e9855e53da32

SHA512
06befaba4dad2ea28fea734f0fecdcc801faab34d2d54ee0cd1136bbb37552ec0280cbba40deb3d522f6f13edba427da589ae083e63f234368d957ecd36745a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe

Filesize
468KB

MD5
ef829a4877b68143ea11c30db90cdbe4

SHA1
fbd59747817e5f8ddf109735a81bc1743c07c24b

SHA256
c4fe0d39a3b8ba211da62f5ce3066abdafd240bccb19ff0a39a57745791bcc99

SHA512
dd636843e1c3f995719e5d955be25d6d3ece94c90e42482f332cd76052212ce9c0ab963a6b989b04e80629ee369c3ab0ec6dcd73dd27a983257273b130e701b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59073.exe

Filesize
468KB

MD5
73e59571bee2a243c131c8de90717f3f

SHA1
bc049cf3c1523779497c4cb5f2bc2b3d230215c9

SHA256
34979fb157e67edf5c07721b584d65b9647de1836666572cb3cdbdf151a0ef69

SHA512
7a221c96dbf1e5e4942da020902b6d6a8b3de9f2f564b7f203f67d404f59b0157a93bc80f82e3eceb16b0b135b646314614a8926a4eef6362dde30123ce6e78c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe

Filesize
468KB

MD5
07eb491b98e377e66df2fbfcfdc9b3d2

SHA1
1b0865a7cb03e24178cc3bca5b37d21d18967ad1

SHA256
13f5127a228b18b044711e06da7d27fac800e30f6cd01ddb3f3d2d69aa19438c

SHA512
09cefec9091f4973d0ca1dd8bcbc8c9511bc377e13faa0256a5a79877253f1c34325387c92cdf9141ad2291488d98e87f6919aa79e69d4e7c436a41ea10b25a1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads