86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138

Analysis

max time kernel
119s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe
Size

468KB
MD5

39184384623785ad5ede8526e22ba5c0
SHA1

4613bfe8e987784bfff5fe4f1046ef02dd4a5526
SHA256

86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138
SHA512

8afed6c7bfbd9b7edc6702f4fbb65692bd6f29248a6b88b01fe593f0d346f34ad05396c3612dc5e143e5c24bcf3e92f652e63d4681fac35aa55c9c0fa84e30bd
SSDEEP

3072:WudSogdEIcAAHbYbzfjcff8wWaJBHpnLJEHCgdSDbjDLoDFD+AfZ:WuUoE1AHwzrcffZBx3bjHyFD+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1380	Unicorn-42075.exe
2692	Unicorn-33435.exe
4628	Unicorn-29905.exe
208	Unicorn-25070.exe
1548	Unicorn-50643.exe
312	Unicorn-30777.exe
1632	Unicorn-60849.exe
3740	Unicorn-45459.exe
1776	Unicorn-61795.exe
4332	Unicorn-897.exe
4020	Unicorn-62764.exe
4756	Unicorn-2900.exe
1668	Unicorn-48837.exe
4652	Unicorn-3165.exe
3060	Unicorn-21649.exe
3432	Unicorn-40939.exe
880	Unicorn-52677.exe
1604	Unicorn-55267.exe
1168	Unicorn-14234.exe
5116	Unicorn-32608.exe
4232	Unicorn-30379.exe
2612	Unicorn-32608.exe
2900	Unicorn-30955.exe
2288	Unicorn-4805.exe
4212	Unicorn-39123.exe
1924	Unicorn-42884.exe
4764	Unicorn-22522.exe
2028	Unicorn-12787.exe
1008	Unicorn-60098.exe
1764	Unicorn-24707.exe
1372	Unicorn-34912.exe
3840	Unicorn-35179.exe
3704	Unicorn-64322.exe
4316	Unicorn-17582.exe
1264	Unicorn-19227.exe
4428	Unicorn-61228.exe
3852	Unicorn-6460.exe
820	Unicorn-19035.exe
32	Unicorn-63746.exe
3148	Unicorn-9255.exe
2736	Unicorn-5015.exe
3380	Unicorn-13448.exe
5036	Unicorn-51174.exe
4000	Unicorn-30361.exe
3892	Unicorn-13256.exe
3588	Unicorn-16582.exe
808	Unicorn-8679.exe
2156	Unicorn-59504.exe
2832	Unicorn-21809.exe
4872	Unicorn-13832.exe
336	Unicorn-35296.exe
3412	Unicorn-59800.exe
1496	Unicorn-53256.exe
620	Unicorn-55824.exe
720	Unicorn-8487.exe
1780	Unicorn-64631.exe
3596	Unicorn-1669.exe
4012	Unicorn-61424.exe
3808	Unicorn-15678.exe
4168	Unicorn-18384.exe
3520	Unicorn-59224.exe
2620	Unicorn-39358.exe
2196	Unicorn-9758.exe
4100	Unicorn-34201.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
6320	5168	WerFault.exe	189
11652	5460	WerFault.exe	243

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54848.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4520	dwm.exe
Token: SeChangeNotifyPrivilege	4520	dwm.exe
Token: 33	4520	dwm.exe
Token: SeIncBasePriorityPrivilege	4520	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe
1380	Unicorn-42075.exe
2692	Unicorn-33435.exe
4628	Unicorn-29905.exe
208	Unicorn-25070.exe
312	Unicorn-30777.exe
1632	Unicorn-60849.exe
1548	Unicorn-50643.exe
3740	Unicorn-45459.exe
4332	Unicorn-897.exe
1776	Unicorn-61795.exe
4020	Unicorn-62764.exe
1668	Unicorn-48837.exe
4756	Unicorn-2900.exe
4652	Unicorn-3165.exe
3060	Unicorn-21649.exe
3432	Unicorn-40939.exe
880	Unicorn-52677.exe
1168	Unicorn-14234.exe
1604	Unicorn-55267.exe
5116	Unicorn-32608.exe
4764	Unicorn-22522.exe
2900	Unicorn-30955.exe
4232	Unicorn-30379.exe
2612	Unicorn-32608.exe
2288	Unicorn-4805.exe
1008	Unicorn-60098.exe
1924	Unicorn-42884.exe
2028	Unicorn-12787.exe
4212	Unicorn-39123.exe
1764	Unicorn-24707.exe
1372	Unicorn-34912.exe
3840	Unicorn-35179.exe
3704	Unicorn-64322.exe
4316	Unicorn-17582.exe
3852	Unicorn-6460.exe
4428	Unicorn-61228.exe
1264	Unicorn-19227.exe
32	Unicorn-63746.exe
820	Unicorn-19035.exe
3148	Unicorn-9255.exe
2736	Unicorn-5015.exe
5036	Unicorn-51174.exe
3380	Unicorn-13448.exe
3892	Unicorn-13256.exe
4000	Unicorn-30361.exe
3588	Unicorn-16582.exe
336	Unicorn-35296.exe
620	Unicorn-55824.exe
2156	Unicorn-59504.exe
3412	Unicorn-59800.exe
1496	Unicorn-53256.exe
808	Unicorn-8679.exe
4012	Unicorn-61424.exe
4872	Unicorn-13832.exe
3808	Unicorn-15678.exe
720	Unicorn-8487.exe
3596	Unicorn-1669.exe
1780	Unicorn-64631.exe
2832	Unicorn-21809.exe
4168	Unicorn-18384.exe
3520	Unicorn-59224.exe
2620	Unicorn-39358.exe
2196	Unicorn-9758.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 1380	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	82
PID 3772 wrote to memory of 1380	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	82
PID 3772 wrote to memory of 1380	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	82
PID 1380 wrote to memory of 2692	1380	Unicorn-42075.exe	85
PID 1380 wrote to memory of 2692	1380	Unicorn-42075.exe	85
PID 1380 wrote to memory of 2692	1380	Unicorn-42075.exe	85
PID 3772 wrote to memory of 4628	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	86
PID 3772 wrote to memory of 4628	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	86
PID 3772 wrote to memory of 4628	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	86
PID 2692 wrote to memory of 208	2692	Unicorn-33435.exe	89
PID 2692 wrote to memory of 208	2692	Unicorn-33435.exe	89
PID 2692 wrote to memory of 208	2692	Unicorn-33435.exe	89
PID 4628 wrote to memory of 1548	4628	Unicorn-29905.exe	91
PID 4628 wrote to memory of 1548	4628	Unicorn-29905.exe	91
PID 4628 wrote to memory of 1548	4628	Unicorn-29905.exe	91
PID 1380 wrote to memory of 312	1380	Unicorn-42075.exe	90
PID 1380 wrote to memory of 312	1380	Unicorn-42075.exe	90
PID 1380 wrote to memory of 312	1380	Unicorn-42075.exe	90
PID 3772 wrote to memory of 1632	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	92
PID 3772 wrote to memory of 1632	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	92
PID 3772 wrote to memory of 1632	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	92
PID 208 wrote to memory of 3740	208	Unicorn-25070.exe	94
PID 208 wrote to memory of 3740	208	Unicorn-25070.exe	94
PID 208 wrote to memory of 3740	208	Unicorn-25070.exe	94
PID 312 wrote to memory of 1776	312	Unicorn-30777.exe	95
PID 312 wrote to memory of 1776	312	Unicorn-30777.exe	95
PID 312 wrote to memory of 1776	312	Unicorn-30777.exe	95
PID 2692 wrote to memory of 4332	2692	Unicorn-33435.exe	96
PID 2692 wrote to memory of 4332	2692	Unicorn-33435.exe	96
PID 2692 wrote to memory of 4332	2692	Unicorn-33435.exe	96
PID 1380 wrote to memory of 4020	1380	Unicorn-42075.exe	97
PID 1380 wrote to memory of 4020	1380	Unicorn-42075.exe	97
PID 1380 wrote to memory of 4020	1380	Unicorn-42075.exe	97
PID 3772 wrote to memory of 4756	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	98
PID 3772 wrote to memory of 4756	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	98
PID 3772 wrote to memory of 4756	3772	86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe	98
PID 4628 wrote to memory of 1668	4628	Unicorn-29905.exe	100
PID 4628 wrote to memory of 1668	4628	Unicorn-29905.exe	100
PID 4628 wrote to memory of 1668	4628	Unicorn-29905.exe	100
PID 1632 wrote to memory of 4652	1632	Unicorn-60849.exe	99
PID 1632 wrote to memory of 4652	1632	Unicorn-60849.exe	99
PID 1632 wrote to memory of 4652	1632	Unicorn-60849.exe	99
PID 1548 wrote to memory of 3060	1548	Unicorn-50643.exe	103
PID 1548 wrote to memory of 3060	1548	Unicorn-50643.exe	103
PID 1548 wrote to memory of 3060	1548	Unicorn-50643.exe	103
PID 3740 wrote to memory of 3432	3740	Unicorn-45459.exe	104
PID 3740 wrote to memory of 3432	3740	Unicorn-45459.exe	104
PID 3740 wrote to memory of 3432	3740	Unicorn-45459.exe	104
PID 208 wrote to memory of 880	208	Unicorn-25070.exe	105
PID 208 wrote to memory of 880	208	Unicorn-25070.exe	105
PID 208 wrote to memory of 880	208	Unicorn-25070.exe	105
PID 4332 wrote to memory of 1604	4332	Unicorn-897.exe	106
PID 4332 wrote to memory of 1604	4332	Unicorn-897.exe	106
PID 4332 wrote to memory of 1604	4332	Unicorn-897.exe	106
PID 1668 wrote to memory of 1168	1668	Unicorn-48837.exe	107
PID 1668 wrote to memory of 1168	1668	Unicorn-48837.exe	107
PID 1668 wrote to memory of 1168	1668	Unicorn-48837.exe	107
PID 4628 wrote to memory of 5116	4628	Unicorn-29905.exe	109
PID 4628 wrote to memory of 5116	4628	Unicorn-29905.exe	109
PID 4628 wrote to memory of 5116	4628	Unicorn-29905.exe	109
PID 2692 wrote to memory of 2612	2692	Unicorn-33435.exe	108
PID 2692 wrote to memory of 2612	2692	Unicorn-33435.exe	108
PID 2692 wrote to memory of 2612	2692	Unicorn-33435.exe	108
PID 4020 wrote to memory of 4232	4020	Unicorn-62764.exe	110

C:\Users\Admin\AppData\Local\Temp\86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe
"C:\Users\Admin\AppData\Local\Temp\86175300fbb2ca2f7f6e5c4c1ca33194b45a7226ef984b44b3e0fe8b6080e138N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34201.exe
        8⤵
        Executes dropped EXE
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        9⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
        10⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        10⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        10⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
        9⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53535.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        9⤵
        
        PID:17368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        9⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
        9⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
        9⤵
        
        PID:17896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14236.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
        8⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        10⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        10⤵
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        10⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        10⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        9⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        9⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
        9⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        9⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
        9⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        9⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
        8⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        8⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        8⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        8⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43096.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26229.exe
        7⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
        7⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        7⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20688.exe
        7⤵
        
        PID:508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        10⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        10⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        10⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        9⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        9⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
        9⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        8⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        9⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        9⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        9⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        8⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61055.exe
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        8⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        8⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
        7⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16154.exe
        7⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        6⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        7⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        8⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        8⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63271.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45559.exe
        7⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38061.exe
        7⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        7⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17095.exe
        8⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        8⤵
        
        PID:17436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
        7⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        6⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4159.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        9⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        9⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        9⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        8⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        8⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
        8⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        8⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        8⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        8⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        7⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
        7⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        8⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        8⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
        8⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
        7⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        7⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        7⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        7⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        7⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        6⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        6⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
        6⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        8⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        8⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38351.exe
        7⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        7⤵
        
        PID:17616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        7⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        7⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        6⤵
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        6⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        5⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        7⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        6⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        7⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        7⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        6⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        6⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34664.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        5⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59301.exe
        5⤵
        
        PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
        9⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        9⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        9⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
        9⤵
        
        PID:17988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        8⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49991.exe
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        7⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 632
        8⤵
        Program crash
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        7⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59063.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        7⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
        6⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        7⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        7⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38886.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        7⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        7⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        6⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        6⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:32
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        6⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        8⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        8⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        8⤵
        
        PID:17772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        7⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        7⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        7⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        7⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        7⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        7⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46080.exe
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42151.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        6⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64718.exe
        5⤵
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9183.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        7⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        7⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60311.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        6⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        7⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
        6⤵
        
        PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        5⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        5⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        5⤵
        
        PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        7⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        6⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        7⤵
        
        PID:17440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        7⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        6⤵
        
        PID:15432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        6⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        5⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        7⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        6⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        7⤵
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        6⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        6⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14236.exe
        6⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
        5⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22550.exe
        5⤵
        
        PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        5⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
        7⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        7⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
        7⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53703.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        6⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28902.exe
        5⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        5⤵
        
        PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
        6⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
      4⤵
      PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
      4⤵
      PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
      4⤵
      PID:12372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
      4⤵
      PID:11808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4805.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25534.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        8⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        8⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        8⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        8⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        7⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        7⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51688.exe
        8⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23535.exe
        8⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        8⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
        7⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        7⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43951.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
        6⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        6⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10127.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        8⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        8⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45294.exe
        8⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
        7⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        7⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64455.exe
        6⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        7⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        7⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        7⤵
        
        PID:17112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        6⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62488.exe
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        6⤵
        
        PID:16584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        6⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
        5⤵
        
        PID:17648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
        5⤵
        
        PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1942.exe
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        7⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        6⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24942.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46919.exe
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
        6⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        6⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        6⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42816.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        5⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        5⤵
        
        PID:17432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15678.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        7⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        6⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
        6⤵
        
        PID:17792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe
        6⤵
        
        PID:18476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52662.exe
        6⤵
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        5⤵
        
        PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3501.exe
        6⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        5⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
      4⤵
      PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        5⤵
        
        PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
      4⤵
      PID:11688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32977.exe
      4⤵
      PID:15728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
      4⤵
      PID:17900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13256.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
        6⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        8⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
        8⤵
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        7⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        7⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        7⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
        7⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
        6⤵
        
        PID:17808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        5⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2136.exe
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        7⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        7⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        7⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
        6⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
        6⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        6⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        6⤵
        
        PID:17684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        5⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        7⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        7⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        7⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
        6⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        6⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        6⤵
        
        PID:18464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        5⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        6⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        5⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        5⤵
        
        PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        6⤵
        
        PID:17640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        6⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42431.exe
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39798.exe
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1733.exe
        5⤵
        
        PID:17784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
      4⤵
      PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
        5⤵
        
        PID:13884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
      4⤵
      PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28388.exe
      4⤵
      PID:6656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8487.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        7⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
        7⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        6⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        6⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        6⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        5⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        5⤵
        
        PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        6⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        5⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        5⤵
        
        PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
      4⤵
      PID:7640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47912.exe
      4⤵
      PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30853.exe
      4⤵
      PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
      4⤵
      PID:17828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
      4⤵
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
        6⤵
        
        PID:15896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        6⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42431.exe
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        5⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        5⤵
        
        PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe
      4⤵
      PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
      4⤵
      PID:15088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
      4⤵
      PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        5⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17526.exe
        5⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
      4⤵
      PID:10508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
      4⤵
      PID:14672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
      4⤵
      PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
    3⤵
    PID:7752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
    3⤵
    PID:10692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13615.exe
    3⤵
    PID:14708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        7⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 492
        8⤵
        Program crash
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        7⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        7⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
        7⤵
        
        PID:18492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        8⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        8⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        8⤵
        
        PID:16828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        7⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        6⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43837.exe
        6⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
        7⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        6⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        6⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
        6⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        6⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        7⤵
        
        PID:17900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        7⤵
        
        PID:17796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        7⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        6⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11030.exe
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6966.exe
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        8⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        7⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
        7⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        6⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        7⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
        7⤵
        
        PID:18504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
        6⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        6⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        6⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
        5⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        5⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        5⤵
        
        PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        7⤵
        
        PID:17552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        6⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        6⤵
        
        PID:18516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe
        5⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        5⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        5⤵
        
        PID:17836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        5⤵
        
        PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
      4⤵
      PID:12956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
      4⤵
      PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
      4⤵
      PID:180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        6⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29592.exe
        8⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39501.exe
        8⤵
        
        PID:17812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29924.exe
        8⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30751.exe
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        7⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        7⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        7⤵
        
        PID:17696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47127.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        6⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        8⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        8⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
        8⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        8⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        7⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42461.exe
        7⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
        7⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        6⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
        6⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        6⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
        5⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
        5⤵
        
        PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22032.exe
        5⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        8⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        8⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45666.exe
        8⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
        7⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53733.exe
        7⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        6⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        7⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        7⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
        6⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        6⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        6⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        6⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        5⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        5⤵
        
        PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
      4⤵
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        6⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
        6⤵
        
        PID:17644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        6⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        5⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        5⤵
        
        PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        5⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52495.exe
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
      4⤵
      PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
      4⤵
      PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42589.exe
      4⤵
      PID:12656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
        5⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31840.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
        8⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        8⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        7⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        7⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        6⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        7⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        6⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38933.exe
        6⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        6⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        6⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54686.exe
        5⤵
        
        PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
      4⤵
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
        6⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34854.exe
        5⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46709.exe
        5⤵
        
        PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26095.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        5⤵
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        5⤵
        
        PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52846.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
      4⤵
      PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
      4⤵
      PID:13992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
      4⤵
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        6⤵
        
        PID:14764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        6⤵
        
        PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58798.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        5⤵
        
        PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
      4⤵
      PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        5⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45666.exe
        5⤵
        
        PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
      4⤵
      PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
      4⤵
      PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
      4⤵
      PID:17980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
    3⤵
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
      4⤵
      PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
      4⤵
      PID:14004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
      4⤵
      PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
    3⤵
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
      4⤵
      PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
      4⤵
      PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
      4⤵
      PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
      4⤵
      PID:12084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
    3⤵
    PID:13276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
    3⤵
    PID:16932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
    3⤵
    PID:2092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35296.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        6⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        8⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        8⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        8⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        7⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
        7⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30460.exe
        7⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
        6⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        6⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50568.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        7⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37847.exe
        7⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        6⤵
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
        6⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8678.exe
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        6⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        5⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        5⤵
        
        PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        6⤵
        
        PID:16104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
        6⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        5⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        5⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        6⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        5⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
        5⤵
        
        PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
      4⤵
      PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
      4⤵
      PID:10828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
      4⤵
      PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        5⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        8⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        8⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
        8⤵
        
        PID:18524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        7⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        7⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50327.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        6⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        6⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
        6⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        5⤵
        
        PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        6⤵
        
        PID:16064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        6⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
        5⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
        5⤵
        
        PID:13868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        5⤵
        
        PID:18420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22223.exe
      4⤵
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        5⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        5⤵
        
        PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
      4⤵
      PID:10100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47823.exe
      4⤵
      PID:9392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        6⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        6⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        5⤵
        
        PID:18444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
      4⤵
      PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
      4⤵
      PID:15516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
      4⤵
      PID:11960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
    3⤵
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        5⤵
        
        PID:100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        5⤵
        
        PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37440.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
      4⤵
      PID:14648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
    3⤵
    PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
      4⤵
      PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
      4⤵
      PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
    3⤵
    PID:8400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
    3⤵
    PID:12276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
    3⤵
    PID:16956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
    3⤵
    PID:12100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55457.exe
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        7⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        7⤵
        
        PID:16528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        6⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
        6⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
        5⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        5⤵
        
        PID:14028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
        5⤵
        
        PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
      4⤵
      PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27573.exe
      4⤵
      PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
      4⤵
      PID:17732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
      4⤵
      PID:5232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        6⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40895.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
        5⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        5⤵
        
        PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        5⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        5⤵
        
        PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
      4⤵
      PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63784.exe
      4⤵
      PID:14508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5876.exe
      4⤵
      PID:9712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43361.exe
      4⤵
      PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
      4⤵
      PID:17076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
      4⤵
      PID:6524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
    3⤵
    PID:9156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
    3⤵
    PID:12936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe
    3⤵
    PID:16724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15769.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        6⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        6⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        5⤵
        
        PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13733.exe
      4⤵
      PID:10644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
      4⤵
      PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
      4⤵
      PID:6848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36670.exe
    3⤵
    PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
      4⤵
      PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
      4⤵
      PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
      4⤵
      PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
      4⤵
      PID:5296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
    3⤵
    PID:7912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15631.exe
    3⤵
    PID:12260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
    3⤵
    PID:15600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
    3⤵
    PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
        5⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        5⤵
        
        PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
      4⤵
      PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53591.exe
      4⤵
      PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35015.exe
      4⤵
      PID:17768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
      4⤵
      PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44720.exe
    3⤵
    PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
      4⤵
      PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
      4⤵
      PID:12528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
    3⤵
    PID:10060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:15476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
    3⤵
    PID:17732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
  2⤵
  PID:5936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
    3⤵
    PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
      4⤵
      PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
      4⤵
      PID:17952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
    3⤵
    PID:10760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
    3⤵
    PID:15292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
    3⤵
    PID:6844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46901.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46901.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46167.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46167.exe
  2⤵
  PID:12248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
  2⤵
  PID:3616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
  2⤵
  PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5168 -ip 5168
1⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5460 -ip 5460
1⤵
PID:11060

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe

Filesize
468KB

MD5
b8b0d7b1293e835db5d661da34c65ce9

SHA1
4102991e039c2fe1f62ba7f83930faa57f8fda13

SHA256
c691b1dac0915c82ecfd1f1933e0336a9f607121bd6f328b78eaa1af0c350990

SHA512
e82eeb0dabbfe0f987b81e5c41ead4d09a5caf1035df2f765dcfad25d2eb072f65ef947cb9a6c006e3c06387135e9ee8463f5153d7219b091fe6c68be0d1b325

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe

Filesize
468KB

MD5
e274c5e45babbec76e5c8512ca62e67d

SHA1
a90cf9e811151c4add3b736039710e407ab1932e

SHA256
00a43b00f11b9c35e9b7349e562656cb74743d35aae12b11c0175ae9e735d8b5

SHA512
df0779bc7ab964aad756ec39351b030aaf3e57c2fce0a80214b48b98dc3a48ccc707fbba82d86573d15a644eb22080ccd9dc2ef7a3ad1fb7f6b19a4157703d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe

Filesize
468KB

MD5
c159513ac4038487da9ef30a4e7fa4e4

SHA1
3a07ce71e8c7333700281ed206df096c7480ab0b

SHA256
39d4e539a79ccec81706842bef1345fc729f3f8a654500682219efb45e06edf6

SHA512
0a76f47647c0a5500663f306b64485a21b85ebc5955ef9036dde3a7856572ea1c10d66b1b9178fe00399505c24617a0dbf5277b60612c01c80cc65ee0f06e91a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe

Filesize
468KB

MD5
79904375414c720d19bfd7af4b7a8827

SHA1
614b022a86174fdc6263a3c0c730b7cf79f70ca6

SHA256
0771457321ee8a1c9cc8588e75b1aad42f012350148e0c161267ed8aab588fda

SHA512
a2c7d7916676fd1b913f4ae4d115beb9e837f5f80e945687247a48147c0537cfc74c6eb4946af2c807f1fe02971488c8dc1773d816f5633ff45a063f010b1f4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe

Filesize
468KB

MD5
ccf0543fc0f026ca461661d992efc1da

SHA1
493ccbb4ff19b4a1795227cc4a4b1fb0e346b77d

SHA256
006fd81116a8cfdfa568ce2732e3f771d4dc016f6c499fc60b58c23f62de16cf

SHA512
2be4738c75aeee520586a474f0b3528d69029bfe54fec23501223f38a8971b77949a53c4e3150823eb43c21e2051eabd5a2667a036a016d533a652f1402c2f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe

Filesize
468KB

MD5
82461cabeae9a78e4f5b95148c59825a

SHA1
4c88df2e0a20105af0d834794fedd167ea494d0a

SHA256
773b632fd12eb11ba8fdca0c2d8af9b3d1a8ac835a88f12bfed59f290a06b6a6

SHA512
4545a154aa4c477c351bf3b95e7aec39b1f1475692150e44d757c3bec2f9064f4b9a385f43d64d895dbd3c9fd94bc245140d931d5d480534ae6794795d958132

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe

Filesize
468KB

MD5
a3ffdd1e79f85a1eb18837ed08c3e134

SHA1
5c5151cdc8bbccdbc305d6429217f14c8bcb0e92

SHA256
9009cfbcabfb96d8f99d94c4de71ec839a45e9f551a824ecae8efc115fa6c3f4

SHA512
8094154474e00ee574507004d2dbb8c79713afe1bc71a0996a39bd6e48e589bfcb2720ef8ffa795493216f0d63191a75fbf2249c931f7e9c5719dd5b3de24c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe

Filesize
468KB

MD5
6f12c9c33fb957ba81c91976278f9f68

SHA1
d4633cffd436a32d3cdad760787b001eb4d0235f

SHA256
4e411ba542029859cc22a8b4c71d9367ad87e25f63820eff01e44671ca151718

SHA512
142f169765c94f57dcc9dbf19f7a56d82c12ec0d6e393ed28c7e9cfcf1586ea532b1538e1f1b0a690d7656754a7894934e153a345fe9b5e8a6b7ae1f3eb58fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe

Filesize
468KB

MD5
df638797d9a24bfa4efb91ba2ac0cf0c

SHA1
d84da7a925357b4e6aac41db243e2971206df731

SHA256
ab0ca863ffa7ec49a16141ff8ddf6256a54f79a2e9d991d3b8cb0d72feee5afa

SHA512
e5b5626f1893ff78bc84efb08a5744fa577992ff3256247546d0be1c1ea81a74d40dac191cc427ee77cc68c3445b2695fe9bcbb806a772f443ccd67df1f3f22c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe

Filesize
468KB

MD5
fe15cad80d601b4c5b89b564d8302bf4

SHA1
f2d3969732f63f8cdc414177a952846b6a11a496

SHA256
c52677e5d96b05710df220cffb897114d69fb9b57ebc10e75b66ec0f3be90f74

SHA512
2cf1646767666513c3bea63836f0babf66320d124a08b00ded6fa2f6f5ae271bb7bf5aa23e38e6f46d8578949ef2dde9faafc599ab4dae1bf1f576f4d061e43a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe

Filesize
468KB

MD5
dea8e8616a0f8e62e78d4d5200822c56

SHA1
c8e07606af21f7f74d50a257ae3d751590a3b9e3

SHA256
50d0d747789c5f3f1fb883229cde99aa82054238d1e319b3d9adb6257d25676b

SHA512
38c18c4c8366df412e3ca40d69b6d8a8f50c3385413ccb1885f8ffb537480ea31c8bb46c502d618a6b49bb818873fcfa968237e44531f1c64e2964ff8e2a1fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe

Filesize
468KB

MD5
64cf0df48cb0b789e1e41c55830302c7

SHA1
ea0a393af54a90bead37fcf8ce9e1fe97eca078c

SHA256
3646648b81de0bb83ddd3c582b3af7f3925501f958d5dfe0cfea83a2186f9bd4

SHA512
7db93973cc5b459ae5e4e2f88d45a0c173e5cdaf7d0b1896f2efaa6ac5ed3469fe06f3f1c1225f62450ccbd32bafbf1f2b44bf030cd2531c14de47795789dc53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe

Filesize
468KB

MD5
61c5e10a62d1d6c487d55e0b2c1a8495

SHA1
5f80ca0cceb83937beb33bd8dbe068c35a36e9eb

SHA256
26ed7101a07c657fbf16c874a6a48da384bcf8ca13153b0a5b26f436a844ed81

SHA512
15d06b7153e12b96bd47c68a6aa336ebe870b05d87f752581842a6ab5622d098b65b395aba7ff9be95a122d6016018ed168c5453bcb071f92716b63a16673a6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe

Filesize
468KB

MD5
6fe6f3d0c8a395874f0d7a43e5417808

SHA1
50c1d1207fd2e79264063ce3a5fda297f9e954f9

SHA256
f8ec81c4765d4586a6776aeb76eed6165874d36c3358d9bd8234e110984e7284

SHA512
67d27c40a29035ce684a95b8c2fbd77f7669dec5a5d89d8da208eecd1bccdcc471f01ce9036735510cd6b230919af86504e549ce50424911441fa017b9ada769

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe

Filesize
468KB

MD5
2007f6f5b3e01da7f8c1b06b9368b5e8

SHA1
157f3e3490e16bd57f6ca9b3f97a424743d7f708

SHA256
bf51ba3747fb536b0b817ae127a613ffc90201a69acb714ef7eb7599bf321d6f

SHA512
b8e65435f829822974e7e9de0a699e5e349be21614fedbea84a5471d721f3f3fb7627e588d64e06fdd201d9da51f025a347a94a40968d8a28bc45032b46d7eb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe

Filesize
468KB

MD5
8c0893f1e5b786dbf60aa3ccfc3ef7d1

SHA1
b1471423242325dcb8baba7f0c8b7ec9a9ec605f

SHA256
32a789a75a4cb0be33740014288f9c3945a1999c61ecef39216acbadf87a6e54

SHA512
3529f9623add8c0946ea771958f46146d5f3c33c2118b0fdcbb208c411d274dfecb49edc3ee744c9d4b59500d20482bfaca59c467a231baefaaeb050fd2871cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe

Filesize
468KB

MD5
955074120546d57f24e3017d8b66e21e

SHA1
39f302c5e0f8e590646d418a71745c0a36fdddf0

SHA256
427281da50dc99af7b8292b3b571a41c856a5d3169e55730a6836ee89112535b

SHA512
d6fdfc84df897f636b513ceea68e67a6f169fd1b0f7e84bbc976404bdf9275d4fd44842648852349b1f5305928e1b84fceddb17d8c692f09758ffc1a231c1c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40939.exe

Filesize
468KB

MD5
47b26e47100a26322e7ed5558dfefb6e

SHA1
ee00985aa5926a12563c82ec93c2bab7252ce2c5

SHA256
807c1782df18fa61dff1f855ae61d8d6a729faca0b80368a00b07db6481c4469

SHA512
dfc8ecc98045d5d987943df5cf08a8258c656fbe88a9f2c08d26641e054f603cd7993c172b7109e22b023d06819d9aac79a6db480cdda76b026817274ae4bb69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe

Filesize
468KB

MD5
1ee983fb87a6bb4344c7447def12fad8

SHA1
6a49eaa78179fb5e29de471810de0111d5c7b0c7

SHA256
0270b11c9a19eeebda20e7d54498bd6faffda56818163d716d17b434e4e3ab15

SHA512
8d8b5a8f042fc030b7cab6aa60f73a3cd30825841799828c1d987629f8ab44cf0a3859a31821bde70436253cd4e23083fba0e2d26a04cc7faae60b52cea98c80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe

Filesize
468KB

MD5
a471da935361e5b444e8900b8673075f

SHA1
a908947f7f6323595e57524a25f72e0d7de616cc

SHA256
04cf8a6d898fca870081e7fdd48e292ef52f4e61ae8b7c74a93c2b582596093d

SHA512
ffbf9999ed763eaf73e1e54b4426ff9d6faff8d9279f365a692eb437a2da281383873aab306726e2133b4509add27955e73d876a2eaed03d3ec978701273b650

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe

Filesize
468KB

MD5
9798ede0de07d19de27a864e21377b66

SHA1
c2a0d7285e62448946c50ccc1faf4d102d28fffb

SHA256
255fc9e02823776c47f78b45ac5d41aa8b43b596a3d75a0379228fd59e115f2a

SHA512
3554f79e26c9c701116bff7e4fd3bcb6efc4702bd0574c399dd7950530e1417224c834c16ca2eed6b34541c9fcf4337bc84f0ccbc1a183fe3e3d14ed0eb7dab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4805.exe

Filesize
468KB

MD5
fca5158d5ff6a1ffacd764e319eb2a6a

SHA1
6d473b11d52f911fb95e4bb1169fe3c10754db05

SHA256
f643032ce29666329518ef693543d7066a962d2abfd438ebb84064c3aac88501

SHA512
565579c9e5e8cda6a06e3037ce6206eceb07d9ebd53abc43694b6da435855aa6a8b9e106766e345ca6497b71519639d33b8cdc93e4b3cd994688b7a651399686

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe

Filesize
468KB

MD5
e4acd7d4c273f9da7c69da21fc273f78

SHA1
2dde5ef723d5c9adcb8ad3e706b64e200de7da75

SHA256
4152c99d660037cf816e2f86e840cc0f433b78894801ac04feb228e7aa95c3fa

SHA512
a520cc6905d7835c494821f875ad901bf677536e3790068b0c4f83c88fdab4e17bb9fff9e730b795d28b2045e3442597a557b0d8a19b0178d6e3f4381c15d1f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe

Filesize
468KB

MD5
428dd284232b1f566127dea1a6ea92b5

SHA1
947ac47323be9a009a8e946df6f7fef93e61901f

SHA256
81c7f32b62dc1b09b35b0b191bcbc4fcf7ea09ac98053673c0672875bc44a8f5

SHA512
2583fa28e4860cc2b6b4bb119ab71ca2dcbc1d32feb2e8c6ebe873b3fab261606daa60d4b6c2bbff999b1907b12a68a887ed794f180faae5c24c005b3e2c1ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe

Filesize
468KB

MD5
d00fb3f33bb279c1515f9ece725c17d0

SHA1
e992b1d6a9c52e7463682f2a5de0fab01bb41201

SHA256
965898715d752cd2c11d56a5ed7e3d4d44c9960612dd061056ed9a54f525eef0

SHA512
ef74314f2aa5b9007d3e16549e559792b45107d271a9e17ddaa2c8f9de6ab07cb82072d269015b92f04d3302da9bd954df1471081b35bc1d74682340c71f8a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe

Filesize
468KB

MD5
4245e874b1f916f1a8cc6fd8eff6f98d

SHA1
483af96a5dd48ce77b7f739b546a5b13b97d689f

SHA256
f08eab6feaef2c3eb2533e437defad1b1a23f3daab3def4e805bcd6c7c335bd5

SHA512
df21fb97880ba4543e5f960d141f963d7ebc9ddc03402068f8101be2b50d12445efe2f2fbd1698d511577edac84e6be981eb276226c64c879ff9e2db0b70b6ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe

Filesize
468KB

MD5
1ed8d182ce28e47dd5587b09b31801f0

SHA1
a0e076e5d8da316231e66ebfaa9d2a7144496b5f

SHA256
d0d131ad64a95ff65b1eb6f97f101f32c20878fa6a9c5867a58bd3d2f66d73f9

SHA512
d67ee55fcd20962a6c2f9929937f86e829e39e4a6d19b92ebf42be553cdac75aae707ffb7806d83627321a41089b375f39c9785ef5c28f355fbc663a388bf0dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe

Filesize
468KB

MD5
0a2cde39f7e36dbd96ea0803d76112c6

SHA1
2a50efc5b4f3f2e729f87e1a71cc56c0b00372f2

SHA256
5d2f11d0377c6d098f285f3287d9ad2815ea4c672b019f5207f86a9b2c612fb6

SHA512
18c5e34f5f3f92c0d344940005618d9f43f3a0a66a4f66571612df0d66d9d26289914e431fc8185f5bb95b50a480a7123fd9bd6cd92d3f6bb52000a2a8f0930a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe

Filesize
468KB

MD5
6b5d4ea95b2aa4b95911ef55b8543ead

SHA1
3ab3c13e160324402af000cb60779e6328cb76e4

SHA256
79d392e6053d391197d58f324d37289f5e85155d113cb796900ae20db440e542

SHA512
e24964a3aed2ab3f9f0e31489e07d9c39bf0e9b6b0bcbcff6a5f56968867d6e4821d8904d2486aba50629cb8e95e8262facbef654db933ee20fe34f5e39832c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe

Filesize
468KB

MD5
2daa57f25445616b94d8252407687478

SHA1
60d0f1f315e6ab41d9660f308079d02653fd0bd2

SHA256
87c4189ec6cae56ef018763d7b5d921120d89b247cefd01322a9535c85504fb6

SHA512
5911a9846b753f342be9135f9c2f7ce3d99bbdaccfb4420624b8047042ed4426df161c8fb5b69027194fe041c315ed4d4e106cf7fe357dcc75b9c7aee0ee764e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe

Filesize
468KB

MD5
ee2ba690d4e110ee7b249d5e8778bebb

SHA1
1e0403408debf77c6d4a3047c2568cfad336a75b

SHA256
b530bdebf75a605e9a6af92020ad2feb9bd9c72fabe75f699f445ed1e95bd452

SHA512
d38bb064c879af34fa9e760e9db2b665e49a718a64c8c8a5424ae0f747434efba1adf34d0d015251e4d3b0c3ee28c177c77e4bd26832201e61d575cff192d0ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe

Filesize
468KB

MD5
60b625ecbfec4584a37a959ae143d28f

SHA1
5ab3a187e93a622673e87189c88cba836f9dadea

SHA256
2fe1cc0d644d7499d6da0cecb2edbfc8325aae834aef4a7cb5bc15f73ae014b0

SHA512
ea8bf49e95e95fab44fc598848ceb1031589e3086090a1adfd8c90591b3ab22f030a93b42e2ff6ab940c5f8f72c02016f0e6f7583d399e6d2bd13869ffe33e24

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads