a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280

Analysis

max time kernel
119s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe
Size

468KB
MD5

b68dec7e33c0ccc0478c893f7b619e70
SHA1

7d838aa794567a4fdc8cd3da6d0ad37736f522d9
SHA256

a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280
SHA512

bfa9259e26064a09b90311c5a84512fc6e8446b97f1934bd218d8bbdaa52522cfb690728e93bd97d142e5e5aa8ef760200d6b18d59ef33a651d6284387edaf05
SSDEEP

3072:EYgtogIyb45B9bYtPzqjQf8/ECObZnpsnmHhQEhA97gMMnaIHdkN:EYqok4B9iP+jQfhphQ97h+aIH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1112	Unicorn-60939.exe
820	Unicorn-23601.exe
1100	Unicorn-43467.exe
2504	Unicorn-5517.exe
2116	Unicorn-3441.exe
2060	Unicorn-8039.exe
2164	Unicorn-347.exe
748	Unicorn-12941.exe
4672	Unicorn-58805.exe
2780	Unicorn-60715.exe
772	Unicorn-10829.exe
2656	Unicorn-57269.exe
1472	Unicorn-11597.exe
652	Unicorn-5467.exe
1256	Unicorn-11332.exe
1148	Unicorn-37867.exe
1636	Unicorn-53902.exe
4900	Unicorn-18577.exe
4564	Unicorn-32504.exe
1516	Unicorn-18350.exe
1840	Unicorn-60457.exe
3848	Unicorn-3850.exe
1872	Unicorn-49714.exe
2352	Unicorn-52366.exe
1532	Unicorn-52558.exe
4188	Unicorn-37099.exe
2764	Unicorn-37099.exe
1400	Unicorn-3092.exe
4424	Unicorn-36340.exe
1656	Unicorn-55941.exe
4572	Unicorn-50076.exe
2684	Unicorn-53329.exe
532	Unicorn-31735.exe
1984	Unicorn-64232.exe
4476	Unicorn-38777.exe
4316	Unicorn-62696.exe
716	Unicorn-62696.exe
2672	Unicorn-49250.exe
1016	Unicorn-49515.exe
3056	Unicorn-49515.exe
3104	Unicorn-57880.exe
2704	Unicorn-32520.exe
3276	Unicorn-32520.exe
2304	Unicorn-58648.exe
1508	Unicorn-32712.exe
5000	Unicorn-46417.exe
2044	Unicorn-53048.exe
212	Unicorn-231.exe
1604	Unicorn-57128.exe
1116	Unicorn-57320.exe
3452	Unicorn-20433.exe
4624	Unicorn-40299.exe
740	Unicorn-40299.exe
4048	Unicorn-40299.exe
4708	Unicorn-48966.exe
4252	Unicorn-38030.exe
432	Unicorn-48664.exe
5052	Unicorn-2862.exe
3956	Unicorn-16375.exe
516	Unicorn-30110.exe
2608	Unicorn-35976.exe
3536	Unicorn-35665.exe
4128	Unicorn-65135.exe
2820	Unicorn-20424.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
8096	5068	WerFault.exe	239
12804	6516	WerFault.exe	251
9184	4448	Process not Found	1108

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47155.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16664	dwm.exe
Token: SeChangeNotifyPrivilege	16664	dwm.exe
Token: 33	16664	dwm.exe
Token: SeIncBasePriorityPrivilege	16664	dwm.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5704	sihost.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe
1112	Unicorn-60939.exe
1100	Unicorn-43467.exe
820	Unicorn-23601.exe
2504	Unicorn-5517.exe
2116	Unicorn-3441.exe
2060	Unicorn-8039.exe
2164	Unicorn-347.exe
748	Unicorn-12941.exe
4672	Unicorn-58805.exe
2780	Unicorn-60715.exe
1256	Unicorn-11332.exe
2656	Unicorn-57269.exe
1472	Unicorn-11597.exe
772	Unicorn-10829.exe
652	Unicorn-5467.exe
1148	Unicorn-37867.exe
4900	Unicorn-18577.exe
1636	Unicorn-53902.exe
4564	Unicorn-32504.exe
1516	Unicorn-18350.exe
1872	Unicorn-49714.exe
1656	Unicorn-55941.exe
3848	Unicorn-3850.exe
1840	Unicorn-60457.exe
2352	Unicorn-52366.exe
1400	Unicorn-3092.exe
4424	Unicorn-36340.exe
2764	Unicorn-37099.exe
4188	Unicorn-37099.exe
1532	Unicorn-52558.exe
4572	Unicorn-50076.exe
2684	Unicorn-53329.exe
532	Unicorn-31735.exe
1984	Unicorn-64232.exe
4476	Unicorn-38777.exe
4316	Unicorn-62696.exe
716	Unicorn-62696.exe
1016	Unicorn-49515.exe
3056	Unicorn-49515.exe
2672	Unicorn-49250.exe
3104	Unicorn-57880.exe
2704	Unicorn-32520.exe
2044	Unicorn-53048.exe
1508	Unicorn-32712.exe
5000	Unicorn-46417.exe
1604	Unicorn-57128.exe
3276	Unicorn-32520.exe
2304	Unicorn-58648.exe
212	Unicorn-231.exe
3452	Unicorn-20433.exe
1116	Unicorn-57320.exe
4048	Unicorn-40299.exe
740	Unicorn-40299.exe
2608	Unicorn-35976.exe
432	Unicorn-48664.exe
4624	Unicorn-40299.exe
4252	Unicorn-38030.exe
516	Unicorn-30110.exe
3956	Unicorn-16375.exe
5052	Unicorn-2862.exe
4708	Unicorn-48966.exe
4128	Unicorn-65135.exe
3536	Unicorn-35665.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 1112	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	82
PID 3256 wrote to memory of 1112	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	82
PID 3256 wrote to memory of 1112	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	82
PID 3256 wrote to memory of 820	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	84
PID 3256 wrote to memory of 820	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	84
PID 3256 wrote to memory of 820	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	84
PID 1112 wrote to memory of 1100	1112	Unicorn-60939.exe	83
PID 1112 wrote to memory of 1100	1112	Unicorn-60939.exe	83
PID 1112 wrote to memory of 1100	1112	Unicorn-60939.exe	83
PID 1100 wrote to memory of 2504	1100	Unicorn-43467.exe	85
PID 1100 wrote to memory of 2504	1100	Unicorn-43467.exe	85
PID 1100 wrote to memory of 2504	1100	Unicorn-43467.exe	85
PID 1112 wrote to memory of 2116	1112	Unicorn-60939.exe	86
PID 1112 wrote to memory of 2116	1112	Unicorn-60939.exe	86
PID 1112 wrote to memory of 2116	1112	Unicorn-60939.exe	86
PID 820 wrote to memory of 2060	820	Unicorn-23601.exe	87
PID 820 wrote to memory of 2060	820	Unicorn-23601.exe	87
PID 820 wrote to memory of 2060	820	Unicorn-23601.exe	87
PID 3256 wrote to memory of 2164	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	88
PID 3256 wrote to memory of 2164	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	88
PID 3256 wrote to memory of 2164	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	88
PID 2504 wrote to memory of 748	2504	Unicorn-5517.exe	93
PID 2504 wrote to memory of 748	2504	Unicorn-5517.exe	93
PID 2504 wrote to memory of 748	2504	Unicorn-5517.exe	93
PID 1100 wrote to memory of 4672	1100	Unicorn-43467.exe	94
PID 1100 wrote to memory of 4672	1100	Unicorn-43467.exe	94
PID 1100 wrote to memory of 4672	1100	Unicorn-43467.exe	94
PID 2116 wrote to memory of 2780	2116	Unicorn-3441.exe	95
PID 2116 wrote to memory of 2780	2116	Unicorn-3441.exe	95
PID 2116 wrote to memory of 2780	2116	Unicorn-3441.exe	95
PID 2060 wrote to memory of 772	2060	Unicorn-8039.exe	96
PID 2060 wrote to memory of 772	2060	Unicorn-8039.exe	96
PID 2060 wrote to memory of 772	2060	Unicorn-8039.exe	96
PID 820 wrote to memory of 2656	820	Unicorn-23601.exe	97
PID 820 wrote to memory of 2656	820	Unicorn-23601.exe	97
PID 820 wrote to memory of 2656	820	Unicorn-23601.exe	97
PID 2164 wrote to memory of 1472	2164	Unicorn-347.exe	98
PID 2164 wrote to memory of 1472	2164	Unicorn-347.exe	98
PID 2164 wrote to memory of 1472	2164	Unicorn-347.exe	98
PID 1112 wrote to memory of 652	1112	Unicorn-60939.exe	99
PID 1112 wrote to memory of 652	1112	Unicorn-60939.exe	99
PID 1112 wrote to memory of 652	1112	Unicorn-60939.exe	99
PID 3256 wrote to memory of 1256	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	100
PID 3256 wrote to memory of 1256	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	100
PID 3256 wrote to memory of 1256	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	100
PID 748 wrote to memory of 1148	748	Unicorn-12941.exe	102
PID 748 wrote to memory of 1148	748	Unicorn-12941.exe	102
PID 748 wrote to memory of 1148	748	Unicorn-12941.exe	102
PID 4672 wrote to memory of 1636	4672	Unicorn-58805.exe	103
PID 4672 wrote to memory of 1636	4672	Unicorn-58805.exe	103
PID 4672 wrote to memory of 1636	4672	Unicorn-58805.exe	103
PID 2504 wrote to memory of 4900	2504	Unicorn-5517.exe	104
PID 2504 wrote to memory of 4900	2504	Unicorn-5517.exe	104
PID 2504 wrote to memory of 4900	2504	Unicorn-5517.exe	104
PID 1100 wrote to memory of 4564	1100	Unicorn-43467.exe	105
PID 1100 wrote to memory of 4564	1100	Unicorn-43467.exe	105
PID 1100 wrote to memory of 4564	1100	Unicorn-43467.exe	105
PID 1256 wrote to memory of 1516	1256	Unicorn-11332.exe	106
PID 1256 wrote to memory of 1516	1256	Unicorn-11332.exe	106
PID 1256 wrote to memory of 1516	1256	Unicorn-11332.exe	106
PID 3256 wrote to memory of 1840	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	107
PID 3256 wrote to memory of 1840	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	107
PID 3256 wrote to memory of 1840	3256	a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe	107
PID 2780 wrote to memory of 3848	2780	Unicorn-60715.exe	108

C:\Users\Admin\AppData\Local\Temp\a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe
"C:\Users\Admin\AppData\Local\Temp\a2210d3b5027a32bf758b6511b209ba0d44ae20606faeeb24d444cf8b3cf8280N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43467.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37867.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        10⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        10⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        10⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        9⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10779.exe
        9⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        9⤵
        
        PID:16896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        8⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        9⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
        10⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        10⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        9⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54676.exe
        10⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        10⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        9⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        9⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
        8⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        9⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        10⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        10⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        10⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        9⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        9⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        9⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        8⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
        8⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42065.exe
        9⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        9⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        9⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        8⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        7⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        7⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        7⤵
        Executes dropped EXE
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        9⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        10⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        10⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        10⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        9⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        9⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        9⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        9⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        8⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
        8⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        9⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
        9⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        9⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        8⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        8⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        8⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        7⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49701.exe
        8⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        8⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        7⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        8⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48562.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        8⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        7⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51584.exe
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
        7⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        7⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        7⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
        9⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        10⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        10⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe
        10⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
        10⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        9⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        9⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        9⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        8⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40421.exe
        9⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        8⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        8⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30929.exe
        8⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        9⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        9⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        8⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        8⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        7⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        6⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41448.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        9⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        9⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        9⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        8⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        7⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        8⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        7⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
        7⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        6⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        6⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
        6⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15816.exe
        6⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30696.exe
        8⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
        9⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        9⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        9⤵
        
        PID:17200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        8⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        8⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42829.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        7⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
        7⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
        7⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        7⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        7⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        7⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44402.exe
        6⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32913.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        7⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40011.exe
        7⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        7⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8334.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        5⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        5⤵
        
        PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
        7⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        9⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        10⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        9⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
        9⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        9⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        8⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        8⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
        7⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        7⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        6⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36945.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        8⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        8⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30929.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16341.exe
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        8⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
        7⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        7⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe
        7⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        7⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
        7⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        6⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24171.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        8⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55347.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        7⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
        7⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        7⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        6⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14619.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4770.exe
        6⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
        6⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        5⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        7⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        7⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
        6⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        6⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        5⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        5⤵
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        5⤵
        
        PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        9⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        9⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        8⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48272.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
        7⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
        7⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        7⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        7⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53120.exe
        6⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        6⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        5⤵
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        7⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        7⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        6⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        6⤵
        
        PID:16880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        6⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        5⤵
        
        PID:184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
        7⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        7⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        7⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        6⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        6⤵
        
        PID:13504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        6⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
        6⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        5⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        5⤵
        
        PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        6⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        5⤵
        
        PID:13788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        5⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
        5⤵
        
        PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
      4⤵
      PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        5⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        5⤵
        
        PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
      4⤵
      PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37879.exe
      4⤵
      PID:6352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53937.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44584.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
        9⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        9⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        9⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        9⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        8⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
        8⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        8⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        9⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        8⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        7⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        7⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        7⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1683.exe
        8⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25107.exe
        7⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
        6⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        7⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        7⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
        6⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        6⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        7⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
        6⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        5⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        5⤵
        
        PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        8⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
        7⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        6⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        6⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        6⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        6⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36604.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        5⤵
        
        PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        6⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        5⤵
        
        PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        6⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
      4⤵
      PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        5⤵
        
        PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
      4⤵
      PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        5⤵
        
        PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
      4⤵
      PID:15256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
      4⤵
      PID:3352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        6⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        8⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
        9⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        8⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        8⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21783.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        7⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        7⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        7⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
        6⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        5⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3946.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        7⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63596.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        6⤵
        
        PID:512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22635.exe
        5⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
        7⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        7⤵
        
        PID:17336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        7⤵
        
        PID:16468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        7⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50048.exe
        6⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        6⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        6⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        5⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        5⤵
        
        PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        6⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        5⤵
        
        PID:13460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe
      4⤵
      PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
      4⤵
      PID:6028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        5⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
        8⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        7⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34256.exe
        7⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-590.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3559.exe
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        6⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        6⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17142.exe
        6⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        5⤵
        
        PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        5⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        5⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        5⤵
        
        PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61394.exe
      4⤵
      PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        6⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        5⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
        5⤵
        
        PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        5⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
        5⤵
        
        PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
      4⤵
      PID:11460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
      4⤵
      PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
      4⤵
      PID:16852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
        6⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2123.exe
        7⤵
        
        PID:17200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
        7⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        6⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        6⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
        5⤵
        
        PID:12656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        5⤵
        
        PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        5⤵
        
        PID:16620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
      4⤵
      PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
      4⤵
      PID:14684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
      4⤵
      PID:5972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
    3⤵
    PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
      4⤵
      PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
      4⤵
      PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
      4⤵
      PID:13764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
      4⤵
      PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
    3⤵
    PID:6616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe
    3⤵
    PID:8384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
    3⤵
    PID:14296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
    3⤵
    PID:8764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7367.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
        8⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
        9⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        9⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        9⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        9⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17518.exe
        8⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        8⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        7⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        8⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38478.exe
        7⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        7⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9476.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        6⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
        8⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51927.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
        7⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        7⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
        6⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49984.exe
        6⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
        5⤵
        
        PID:5068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 488
        6⤵
        Program crash
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        5⤵
        
        PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        6⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        8⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        8⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        8⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
        7⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        7⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        6⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        5⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        8⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        7⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        7⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        6⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        6⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        6⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        5⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        5⤵
        
        PID:13640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        5⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        5⤵
        
        PID:8
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
      4⤵
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        7⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        7⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        6⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59769.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25689.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        5⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        5⤵
        
        PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
      4⤵
      PID:13616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
      4⤵
      PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47793.exe
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        7⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        7⤵
        
        PID:17388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        6⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9326.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
        7⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        7⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        6⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        6⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
        6⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        5⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45353.exe
        5⤵
        
        PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        6⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        6⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        5⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        5⤵
        
        PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        5⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        5⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        5⤵
        
        PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
      4⤵
      PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
        5⤵
        
        PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
      4⤵
      PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
      4⤵
      PID:15368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        5⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2960.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
        7⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11542.exe
        6⤵
        
        PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        5⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        5⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49984.exe
        5⤵
        
        PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        6⤵
        
        PID:12472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4914.exe
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        5⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7993.exe
        5⤵
        
        PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
      4⤵
      PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
      4⤵
      PID:10676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
      4⤵
      PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
      4⤵
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35976.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24328.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        6⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
        6⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        5⤵
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
      4⤵
      PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        5⤵
        
        PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
      4⤵
      PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4386.exe
      4⤵
      PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
      4⤵
      PID:7008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
    3⤵
    PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        5⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
      4⤵
      PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
      4⤵
      PID:13720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
      4⤵
      PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
    3⤵
    PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
      4⤵
      PID:16336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
    3⤵
    PID:10728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
    3⤵
    PID:15276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
    3⤵
    PID:9192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        6⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62184.exe
        8⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 636
        8⤵
        Program crash
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        7⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        7⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7993.exe
        7⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36631.exe
        6⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
        7⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
        6⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
        7⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48546.exe
        6⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25510.exe
        6⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        5⤵
        
        PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        6⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        6⤵
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
        5⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        6⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        5⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
        5⤵
        
        PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        6⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
        6⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        5⤵
        
        PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49189.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
      4⤵
      PID:11480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30583.exe
      4⤵
      PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
      4⤵
      PID:17256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
        5⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2960.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35283.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        7⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        6⤵
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        5⤵
        
        PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        5⤵
        
        PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
        5⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61119.exe
      4⤵
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
      4⤵
      PID:13048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
      4⤵
      PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        5⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        5⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
        5⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
        5⤵
        
        PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
      4⤵
      PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25362.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
      4⤵
      PID:17132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
    3⤵
    PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
        5⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
      4⤵
      PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
      4⤵
      PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
      4⤵
      PID:8468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
    3⤵
    PID:9032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
    3⤵
    PID:12556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
    3⤵
    PID:17000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50935.exe
    3⤵
    PID:1520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25590.exe
        6⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        5⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        5⤵
        
        PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19102.exe
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        5⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        5⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
      4⤵
      PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
      4⤵
      PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
      4⤵
      PID:8020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        6⤵
        
        PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45952.exe
        5⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        5⤵
        
        PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
      4⤵
      PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
      4⤵
      PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
      4⤵
      PID:15288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
      4⤵
      PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
      4⤵
      PID:5556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
    3⤵
    PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
      4⤵
      PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
      4⤵
      PID:15896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
      4⤵
      PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
    3⤵
    PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4784.exe
      4⤵
      PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
      4⤵
      PID:15260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
    3⤵
    PID:10884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
    3⤵
    PID:15116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45545.exe
    3⤵
    PID:3596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60457.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
      4⤵
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        6⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
        6⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        5⤵
        
        PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11703.exe
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        5⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        5⤵
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
      4⤵
      PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
      4⤵
      PID:13144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
      4⤵
      PID:8828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
    3⤵
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        5⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        5⤵
        
        PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
      4⤵
      PID:9480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
      4⤵
      PID:14320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe
      4⤵
      PID:8300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
    3⤵
    PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
      4⤵
      PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
      4⤵
      PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
    3⤵
    PID:13536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
    3⤵
    PID:8272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
    3⤵
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
        5⤵
        
        PID:16276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
      4⤵
      PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
      4⤵
      PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
      4⤵
      PID:8400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
    3⤵
    PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
      4⤵
      PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
      4⤵
      PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
    3⤵
    PID:10356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
    3⤵
    PID:14856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
    3⤵
    PID:4840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
  2⤵
  PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
    3⤵
    PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
    3⤵
    PID:11328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
    3⤵
    PID:15632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
    3⤵
    PID:3740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe
  2⤵
  PID:6524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
    3⤵
    PID:9324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
    3⤵
    PID:14272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
    3⤵
    PID:3416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
  2⤵
  PID:11004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
  2⤵
  PID:11312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
  2⤵
  PID:15772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5068 -ip 5068
1⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6516 -ip 6516
1⤵
PID:13288

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16664

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Suspicious use of FindShellTrayWindow
PID:5704

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:7936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe

Filesize
468KB

MD5
96384126d7489ab2116d8f64ee2f4585

SHA1
12df2a5b3b6f2b14de2960d020bc869ba0c27ce0

SHA256
7c83553dd675fe643647a7e7e3ad62c449bc089fb41d147e4d322ee672ab503e

SHA512
c029c5994f460b3ddee7d531cb15f497a72b27f9dceca7e7278860064d31a6e78c7ad760bb04c33625d1ec83503efbce20131e84038597ba60d2393cbbdb4aba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe

Filesize
468KB

MD5
27ea65aa13a670e893acd5db78b6a2dc

SHA1
dbb1337260bf642149f162bd99ca643c3d3e2c52

SHA256
70f54f625439ef4590256f2bd045cbee94902402cde942e622d871d8bac7894a

SHA512
6176221025efcf13851f8bd723098cd431285b965522f00b6d741a2b040795be00dcb54daf936b9f233b7f051faf48480b8d36cb961f8176f82ad9f6713eeee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe

Filesize
468KB

MD5
6e95739fd1f8301767b6357f3ac98251

SHA1
605cd9c09c6179b6bc55d4a2cb3c8c4a6bc3ffe9

SHA256
b7f7f82d64edb4dd8191597da5a7d746a4692397d0691128a5688292ca65cfe1

SHA512
be9d730b756dcc3b97b31b4cabd06e9be290f19e040a8ff1a134764d69a97b4fb6142b36ea258da62056724bbb8aab9710fb0fc31ea6c46e5696d3d6e6ae081e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe

Filesize
468KB

MD5
e2a3959afe4c3a0e1e7d3d924feb475d

SHA1
7731815ca47b470c8db97b1b35cb68d49306bd3f

SHA256
fa3c1376a8089bb0403129fbf0127e0f0443c6d5e92c86ede6577ba244d2293a

SHA512
4ee3188e662e0e9b7b66c08417b97daeca8a613f528e2b693c2be4d26dc7ddab8d1d3be4666d7fa94b4c608e25527baa040cd0886316d40cbb716c9a772ae625

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe

Filesize
468KB

MD5
d28ba89a90f917f8bf328656074fb7b9

SHA1
e8878e5620de56ba35f2c314c3ccec2e1afade6e

SHA256
624f853709cb5244c5525623a8edec553a1746e9be164f775535bc1562bf0d09

SHA512
4c5c094a835e0284f8ed14b597eda809d42844da0b68c7b020f621dddee70f0643a8eec56939712a6916c90b82e9b8645ec70c1adb376452a9ad901b4895047d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe

Filesize
468KB

MD5
fcca69ed2316e18024a4eccdd475e5d0

SHA1
4cd42d0dceb9e150bbc8c68e902d2a00129fddf8

SHA256
e4e2342d0c95a7112392c45de1c332ee0ef0e105c7242f59590d115a4cb80134

SHA512
9ab19de4f758b6f6d6042796590bba8d44ea2742e1d7341d171ee9504b188792acbb32916c16b605a720509f265f5ab162354c0614040712e23d3f8f36c8f184

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe

Filesize
468KB

MD5
010585639065ca2f149e65829b46e57c

SHA1
3b864b718afda294ab1756a7674c93b5e254eaae

SHA256
7f88659ee630dce7fc5b119d37b35915869e8560799ac8085db0be48fde9a82e

SHA512
c532abba7fd0ff5fc64108d3be64d3ed5c9b4aba5df1efa9cfb16eb1fb9dcf35d40db9896dc79b30e9dd444c12c0806f8d9cea28d6f3f36a487123dc8a612869

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe

Filesize
468KB

MD5
054212da5e92bced00d063b0588ce110

SHA1
e4e7bbb914db8923a6f38498d80adb651e406c1e

SHA256
476001699b71d42ca6e1d6fac4e30488b887351f75e2ef93ddb9de61f69c2d51

SHA512
67edd28146f31742da71a96c5a50b8b8103b2f30339855dbffe1fb9c2df2e86ad815bd6e1110f5da1f393ac4994711c61603287627a3ca45a96f533382825bb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe

Filesize
468KB

MD5
3f40ec104a19e59b6d6b2a35e4558643

SHA1
d4c4562aa6fe48c7472345f0201cc97f1264ca54

SHA256
729cc6374e6baff29792ae0b3d99c7010df921a2f08aea9b8147cfb59fdc2852

SHA512
4ea19184ff5296704bca1071c2f771a19cf807a09b6457e40576ef451d9dc457f0efd8287dfa97512dc03c01c3f63d40afd75d1466dafe6e82c00225832ea41e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe

Filesize
468KB

MD5
b93da19d9d38fce5fe2f53adb7d83b96

SHA1
dfc152ec897fccf5d924086c033927d8610402d2

SHA256
1dd32381f7f54d837e17bcbd7cce4b8c55163eb0c75a7da4a62ec3d407697a81

SHA512
8c1e67f9b38878ba83262fb9dc1659f35a64a206cbc25fed813e50268ebe0083e94aac479ef1fd9d45beebcdfe198765d1a65de19abf8dbd55880cd0504b1f9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe

Filesize
468KB

MD5
0f811e9e5d0de763f6c71f9d6f6e4264

SHA1
96bf768220ddc82de597595c6849de9683e8ef37

SHA256
2cf0fe7711c914c8d2908acc1eebe4939153f2f8b67211cd9de9605158ed5f16

SHA512
cc14fbfea9ee9e4b674606354b98bd228e83606f559b71ee14cc49670ebd5e8646cdfdf91e11b803f8eff0c0ce0e04fd968fe683e6c88e6f5450ef3572eaa318

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe

Filesize
468KB

MD5
67d52295c0814b23f64b80c592654e25

SHA1
5c008e7cdf2a6d6a7f31f30bb17d7096a4b4b3f1

SHA256
2180dcd5476c01ceaa62e82adc0740aaa9213937d0a7e2e08f36c8f83243fe1a

SHA512
b9e81d4aeb5579dd972b8667420caccb6730c5f1fe78086418e650665cf9348f6eb097b67be3a7832c6871c62d444c05551a2375c76653bab99a436d3703bbca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe

Filesize
468KB

MD5
e003d4b718eff1fcc93ae78d2c3bbd99

SHA1
3660048530dc153b578cdbabb5fdbac63bf4c565

SHA256
31573f5b6f3ab28df26e1e3dec65cac6ddbdbef988627ae412187e194523c4f9

SHA512
d99ccb647665dcbf932e863f5f316e0b4c55406556b95ab198ebecc00066507d4561d375ac1c3de452c26f457c9088e459493aebe9812c8072f49fff0353d9d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37867.exe

Filesize
468KB

MD5
5a641c3e4a080aeb7125b6759ddab6f3

SHA1
f34b98b2a6285ca3af82787271dd0294bdfa4222

SHA256
2d49efe06a30354a70aa3f164ab7863fd4b6808a09a42f18ae718d832edd52a6

SHA512
803763123f1377a719165f66b0e2377658f33423b72d5ba340654435af2a83bffdce4b9f70ed6adee91007afbe37a6895c6bccf9d9e0d072e037d1e4cfe71b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe

Filesize
468KB

MD5
04a12c8f0072642a4c55e3160fffdb12

SHA1
8c5db79129ccc4ea28b497f65dd4efe2ac54d6e0

SHA256
eea6431a0b8188415bccf226b9a460e45a2a7037e82c0fc61c34bb5e1fb297c3

SHA512
33a996dbe509dfc877cf228b34d20403ae4d75157c61502f564f974c4c11070811d88091de4c9857a430924b9ad5a75b5f5ac4553f8838eadf9d096d275345e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43467.exe

Filesize
468KB

MD5
74f0a16d0ab02334a7ce2385f78263a5

SHA1
1c2e022ced430a4e316528db269d935579bd1f26

SHA256
b3c8131fbb718d6927a914dc6582b3aabd42063f2a91597d63ca98b51bf7d70b

SHA512
a2e681f7ca4fcfe650040218283ea4c0d5f6d163552133448a072d3df1dd3cc3a350facac6582d7417775e08a7efeeeac6c08a66e79b003bd4b44ace1a357f48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe

Filesize
468KB

MD5
305c154f8c6658989172d3ccc6797248

SHA1
a9175ee9a14828f7a4678b9a7753bc0c2655e73a

SHA256
90e0b39058b7f8e9e36941da4626a4cc2f0f1ad03ecf421fc2af6017621e05a2

SHA512
2d9b863911bd3d86d29d329419894e83d4311a772fa9c1ae8b163ff1696eb691335082b34394edceec98bf53d7e873a82cdd7bf44ce3be695a24dc06b3416390

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe

Filesize
468KB

MD5
3d8399f6c34d80cbef81971c13753b7a

SHA1
d2658a802e779fa9410a0c630fd1a30ab3a1a9e5

SHA256
ee3aa7e078cf46ed0dac6d00144847301ffe72f44ea228226ceebf9982b13108

SHA512
7f6ac32116930b2fe11b0ad6c099e904a2ca4a0c839d84ce27158ebdc73a5a618e99c979e04257f49852fe7be249bdc03d2802ff3b5d2bc2e2b76442d1ab26f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe

Filesize
468KB

MD5
83492a8888d24633809ce0e73a4cc4c5

SHA1
ea17bf3550a61a97ddd1a13620460f9292b5cfc5

SHA256
07654b07fa26d7dc063ebc7a0e661e8ef5763bd49379623b775861e4e973ee78

SHA512
035a1de2c287f9321157b025290ba707524e69dbabf00fee6df77be9ec556e76b9c5809971414aaffd1d8b468d1d6de3cc52882ec26d7a62f11904b1f23986aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe

Filesize
468KB

MD5
f84ee6941e1bb15e9b8362b1d1cf631a

SHA1
09c6a42b0255d878ae265d33091d97a9ef7cb27c

SHA256
143ba59824613c6099dd3ef357b30e2654dea637bd24fc30cc94e811929af819

SHA512
d8d56a2f59b25558248ff8736e73c371bbad1c72694cb20272c07bf013d21903268914d721d5ffd75969a3b901ff448b44b455f7511f7cfec8e6e02f0863ffee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe

Filesize
468KB

MD5
2c90eb7b9334ebfb1e61297f23cc772b

SHA1
6b2a13bbb9db415f75d4def3357fb192f204efb8

SHA256
12877f9e81c41772c5dc8322ef5f9f133573eaf77e1495247125309528c18e18

SHA512
4054b42e499ef2e188793880ac5d479bc85e983264425946f39b27c03d70cc6b78d5ef3fb1bdb235a55775a87b25e41b9426d72ecc3f7069e01d54e7db4bdbfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe

Filesize
468KB

MD5
c16167a9e34afc2a014d1b1da595dbf1

SHA1
e4056513c2686979396b3d43cfee7a570dc22979

SHA256
95af39798b6ddc23f061d58eabf7e0becb05382efd80bd9fcd64fed8f0394857

SHA512
c45259398c46af596bffd8a05f2468a02fbfa56ee3b909415de1f229c92131b219567339f59ecd763e1ea69f44d9153cf5e5c36b221187742bebfca7bce29dbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe

Filesize
468KB

MD5
d45d8617c6329e1195a82912408e1b0e

SHA1
f211afb15a00e744a93952f1c7dd0d5f42b53f2c

SHA256
19516d631e6d326778d7819f1dba0e3bfc6b07bf66e8053140889c5ebda99acf

SHA512
e2ba1c4479f7b0acbe396e36647146c19aaf9c5189e6a348bd72870075f139f62ac15b2c63bd15f5c4c597caf2081521148c3aeb57e1e78816d3202596abc852

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe

Filesize
468KB

MD5
bf71388aa085bebbe9f6541e6e211cca

SHA1
40604f91b24e69f4a06d951237e9e976e4761778

SHA256
6e739f406d80799accd40b08c312d7e1b9e5e4de428a57be4881abd054a650d2

SHA512
40612097d4d98954aca1126b3640cb55027d500638833ec892edcb2e6a3f068cfb6ce805ad891600fd656a012c672f5bfa6e5866e69e4129913bebf563dcbf1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe

Filesize
468KB

MD5
cc4ca7601e64ffc238168a293d34667f

SHA1
36459e5c07c7259f30b74e0d47173d897b06541a

SHA256
d7792d40b10c77d75708c8854dd0a2c531b25a1a0b96afd7dd31af6e51f15eb4

SHA512
a8db9b9a17201cd34e1fae385bfc918ece40f645c78fc9c935f1446bcadfc72deda4d5b15077dba3c52e0c9d382c5620af7f5cf3d433a5ceb3903edca57cd600

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe

Filesize
468KB

MD5
bdc522c4bb7abaa53616abf2f5a39231

SHA1
f3ae5d53bbf3774b9c54605c506048cbccf65866

SHA256
1b56dfbbd1f23a6857b2398c655db3dda18bdfc9dd29b83259d4bf6cf6bb3cb4

SHA512
f32215e1ce14c74b221640b3075d086da5cc242d0a77dec22d42c78ec6c9d8fc7c7a27147748ff4842dc0f6d1155bff55fc9462121f6a2c3542f3ca58e59bc9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe

Filesize
468KB

MD5
ea59a2b2e14044694d0feb4c5c3a7a75

SHA1
32e6b8936215a07a81ce45b96f2a98c551e21361

SHA256
329defd0156061c5bb2ce46b953bbb7dfac74d404de531dc0f5368ee5e873a2d

SHA512
2944eec628180d6f4241d807ab1d284749cb0920fd97c2305e67b0ef7efaae28c31ae5657aebf7507af3b80e3fe93d3bc90d80580b5d2582e627db5c01d3e030

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60457.exe

Filesize
468KB

MD5
f2c489ef208018fb2edc8a9c378daf1d

SHA1
90ac66f27689bcf0388326c4c77c3b42dd2bd76e

SHA256
017bf65f77b2014ead20ca848eb959b38d7620587649229812eb4ed7b4543e28

SHA512
6adfd619b0b4dbdf1909306491aaf2bb482e696179b210eb79921b09291569549a3a424f0ddfb87d38320e15bcac7788ad0d527c624ddd9542cf96a568f2319b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe

Filesize
468KB

MD5
49c1bd8ada3c8c0ea77fab3654079c78

SHA1
2e667e27f0f2e404611ce814bb679ceaf2b4c433

SHA256
72e60b8d8bc13ae510bd027e380605e1c6bb8a69213317796a0bc06e6a75d269

SHA512
1555316af72e65476afba84da0b75b520ece7d4d3108af4b331d7cf152ad946dcaba0a6fe56ae368d6ea72a20fcc5abe1a251cbf0fc311f6b533d7224d3e0fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe

Filesize
468KB

MD5
6d96d99f172ef65c906089dfff1a1b55

SHA1
70d7d5066bc8220e0ef0d9d4a5f7eec1cb56bd0e

SHA256
6e61f21d1b15f73e4002bbd815962eb9c6e731cce88d6a1eeade32443382a826

SHA512
fcf65577d8f6e30415d9d0f39e0ee2f05fada1d302c1927e9169d39c26f7ec800609448146ad0ec2193e49a213dea2361031325ed4fcbfcad67dac9dbc37d004

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe

Filesize
468KB

MD5
edca292b0d8c1239a93b849465ca8c6a

SHA1
c95ae329219990bf6e3ad3a4a9df085e28627283

SHA256
09fc0ebe28a55536d89ed1cb28522c4bd87d853b50400cb2c261e687d4a4b010

SHA512
aab0dbb649fdeb96603ce30dcd50bf393b01995a8b806a12d222edbb9ab2f755e7d32cbb9b1190800531a6f10e149bd13c9060a4a4500e7b31f038f0bd22845e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads