4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3b

Analysis

max time kernel
120s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe
Size

468KB
MD5

73e8c36bb10a7bd4f48f49cd4c6c8fa0
SHA1

6350303fa225efea13e2651738465e4f13b082ed
SHA256

4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3b
SHA512

75dd59b3001cf8834404aa38c0badcdc0caf00d19a73468756197ceedd043ac4e22b572c49282c686cd1d98681e9a833e46cbfe66fa1e49180a646b71faa29f2
SSDEEP

3072:vnCpovIwU85e5bYOPgc5Of8nE5R9NIXdlmHoxStd5F9wGh+anZlx:vnAoIUe5NPV5Of/2TI5F2W+an

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1652	Unicorn-64367.exe
4828	Unicorn-50757.exe
832	Unicorn-54742.exe
5068	Unicorn-12642.exe
2176	Unicorn-24441.exe
1400	Unicorn-10706.exe
884	Unicorn-12477.exe
2896	Unicorn-52823.exe
4024	Unicorn-41649.exe
1956	Unicorn-65132.exe
688	Unicorn-43866.exe
2020	Unicorn-44131.exe
736	Unicorn-19827.exe
2272	Unicorn-53858.exe
4864	Unicorn-59988.exe
1824	Unicorn-41294.exe
3720	Unicorn-39622.exe
2452	Unicorn-31554.exe
464	Unicorn-49762.exe
3956	Unicorn-64584.exe
1248	Unicorn-64584.exe
2316	Unicorn-33391.exe
3688	Unicorn-47200.exe
4372	Unicorn-27334.exe
4576	Unicorn-20048.exe
2520	Unicorn-448.exe
808	Unicorn-38270.exe
1080	Unicorn-23916.exe
2820	Unicorn-17485.exe
4988	Unicorn-63422.exe
4832	Unicorn-19070.exe
4976	Unicorn-43875.exe
3748	Unicorn-24009.exe
5040	Unicorn-58225.exe
4480	Unicorn-64355.exe
2912	Unicorn-57946.exe
3716	Unicorn-58211.exe
3272	Unicorn-17501.exe
4856	Unicorn-18636.exe
4204	Unicorn-57028.exe
2224	Unicorn-22597.exe
3756	Unicorn-64619.exe
2528	Unicorn-42327.exe
4948	Unicorn-44740.exe
2068	Unicorn-33635.exe
1184	Unicorn-33635.exe
3280	Unicorn-33635.exe
208	Unicorn-13925.exe
1076	Unicorn-33635.exe
4084	Unicorn-16338.exe
1584	Unicorn-30073.exe
3460	Unicorn-27273.exe
4956	Unicorn-10738.exe
1404	Unicorn-20434.exe
3644	Unicorn-61509.exe
1420	Unicorn-63922.exe
3800	Unicorn-18251.exe
632	Unicorn-18251.exe
2848	Unicorn-40543.exe
3904	Unicorn-37742.exe
3840	Unicorn-28241.exe
4424	Unicorn-42941.exe
4352	Unicorn-37704.exe
4840	Unicorn-43712.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
8652	5988	WerFault.exe	237
11368	10888	WerFault.exe	522
19224	9308	Process not Found	452

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2178.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	19748	dwm.exe
Token: SeChangeNotifyPrivilege	19748	dwm.exe
Token: 33	19748	dwm.exe
Token: SeIncBasePriorityPrivilege	19748	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe
1652	Unicorn-64367.exe
832	Unicorn-54742.exe
4828	Unicorn-50757.exe
5068	Unicorn-12642.exe
2176	Unicorn-24441.exe
1400	Unicorn-10706.exe
884	Unicorn-12477.exe
2896	Unicorn-52823.exe
4024	Unicorn-41649.exe
2020	Unicorn-44131.exe
688	Unicorn-43866.exe
1956	Unicorn-65132.exe
736	Unicorn-19827.exe
2272	Unicorn-53858.exe
4864	Unicorn-59988.exe
1824	Unicorn-41294.exe
3720	Unicorn-39622.exe
2452	Unicorn-31554.exe
464	Unicorn-49762.exe
3956	Unicorn-64584.exe
1248	Unicorn-64584.exe
4372	Unicorn-27334.exe
4576	Unicorn-20048.exe
3688	Unicorn-47200.exe
808	Unicorn-38270.exe
2316	Unicorn-33391.exe
2520	Unicorn-448.exe
1080	Unicorn-23916.exe
4988	Unicorn-63422.exe
2820	Unicorn-17485.exe
4832	Unicorn-19070.exe
4976	Unicorn-43875.exe
3748	Unicorn-24009.exe
4480	Unicorn-64355.exe
5040	Unicorn-58225.exe
2912	Unicorn-57946.exe
3272	Unicorn-17501.exe
3716	Unicorn-58211.exe
4856	Unicorn-18636.exe
4204	Unicorn-57028.exe
2224	Unicorn-22597.exe
3756	Unicorn-64619.exe
2068	Unicorn-33635.exe
2528	Unicorn-42327.exe
4948	Unicorn-44740.exe
3280	Unicorn-33635.exe
1184	Unicorn-33635.exe
208	Unicorn-13925.exe
1076	Unicorn-33635.exe
4084	Unicorn-16338.exe
4956	Unicorn-10738.exe
3460	Unicorn-27273.exe
1584	Unicorn-30073.exe
1404	Unicorn-20434.exe
3644	Unicorn-61509.exe
1420	Unicorn-63922.exe
3800	Unicorn-18251.exe
2848	Unicorn-40543.exe
632	Unicorn-18251.exe
3904	Unicorn-37742.exe
3840	Unicorn-28241.exe
4424	Unicorn-42941.exe
4840	Unicorn-43712.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 1652	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	82
PID 5024 wrote to memory of 1652	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	82
PID 5024 wrote to memory of 1652	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	82
PID 1652 wrote to memory of 4828	1652	Unicorn-64367.exe	83
PID 1652 wrote to memory of 4828	1652	Unicorn-64367.exe	83
PID 1652 wrote to memory of 4828	1652	Unicorn-64367.exe	83
PID 5024 wrote to memory of 832	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	84
PID 5024 wrote to memory of 832	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	84
PID 5024 wrote to memory of 832	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	84
PID 832 wrote to memory of 5068	832	Unicorn-54742.exe	85
PID 832 wrote to memory of 5068	832	Unicorn-54742.exe	85
PID 832 wrote to memory of 5068	832	Unicorn-54742.exe	85
PID 5024 wrote to memory of 2176	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	86
PID 5024 wrote to memory of 2176	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	86
PID 5024 wrote to memory of 2176	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	86
PID 1652 wrote to memory of 1400	1652	Unicorn-64367.exe	87
PID 1652 wrote to memory of 1400	1652	Unicorn-64367.exe	87
PID 1652 wrote to memory of 1400	1652	Unicorn-64367.exe	87
PID 4828 wrote to memory of 884	4828	Unicorn-50757.exe	88
PID 4828 wrote to memory of 884	4828	Unicorn-50757.exe	88
PID 4828 wrote to memory of 884	4828	Unicorn-50757.exe	88
PID 5068 wrote to memory of 2896	5068	Unicorn-12642.exe	91
PID 5068 wrote to memory of 2896	5068	Unicorn-12642.exe	91
PID 5068 wrote to memory of 2896	5068	Unicorn-12642.exe	91
PID 832 wrote to memory of 4024	832	Unicorn-54742.exe	92
PID 832 wrote to memory of 4024	832	Unicorn-54742.exe	92
PID 832 wrote to memory of 4024	832	Unicorn-54742.exe	92
PID 2176 wrote to memory of 1956	2176	Unicorn-24441.exe	93
PID 2176 wrote to memory of 1956	2176	Unicorn-24441.exe	93
PID 2176 wrote to memory of 1956	2176	Unicorn-24441.exe	93
PID 5024 wrote to memory of 688	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	94
PID 5024 wrote to memory of 688	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	94
PID 5024 wrote to memory of 688	5024	4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe	94
PID 1400 wrote to memory of 2020	1400	Unicorn-10706.exe	95
PID 1400 wrote to memory of 2020	1400	Unicorn-10706.exe	95
PID 1400 wrote to memory of 2020	1400	Unicorn-10706.exe	95
PID 1652 wrote to memory of 736	1652	Unicorn-64367.exe	96
PID 1652 wrote to memory of 736	1652	Unicorn-64367.exe	96
PID 1652 wrote to memory of 736	1652	Unicorn-64367.exe	96
PID 4828 wrote to memory of 2272	4828	Unicorn-50757.exe	99
PID 4828 wrote to memory of 2272	4828	Unicorn-50757.exe	99
PID 4828 wrote to memory of 2272	4828	Unicorn-50757.exe	99
PID 884 wrote to memory of 4864	884	Unicorn-12477.exe	100
PID 884 wrote to memory of 4864	884	Unicorn-12477.exe	100
PID 884 wrote to memory of 4864	884	Unicorn-12477.exe	100
PID 2896 wrote to memory of 1824	2896	Unicorn-52823.exe	101
PID 2896 wrote to memory of 1824	2896	Unicorn-52823.exe	101
PID 2896 wrote to memory of 1824	2896	Unicorn-52823.exe	101
PID 5068 wrote to memory of 3720	5068	Unicorn-12642.exe	102
PID 5068 wrote to memory of 3720	5068	Unicorn-12642.exe	102
PID 5068 wrote to memory of 3720	5068	Unicorn-12642.exe	102
PID 4024 wrote to memory of 2452	4024	Unicorn-41649.exe	103
PID 4024 wrote to memory of 2452	4024	Unicorn-41649.exe	103
PID 4024 wrote to memory of 2452	4024	Unicorn-41649.exe	103
PID 832 wrote to memory of 464	832	Unicorn-54742.exe	104
PID 832 wrote to memory of 464	832	Unicorn-54742.exe	104
PID 832 wrote to memory of 464	832	Unicorn-54742.exe	104
PID 2020 wrote to memory of 1248	2020	Unicorn-44131.exe	105
PID 688 wrote to memory of 3956	688	Unicorn-43866.exe	106
PID 2020 wrote to memory of 1248	2020	Unicorn-44131.exe	105
PID 2020 wrote to memory of 1248	2020	Unicorn-44131.exe	105
PID 688 wrote to memory of 3956	688	Unicorn-43866.exe	106
PID 688 wrote to memory of 3956	688	Unicorn-43866.exe	106
PID 1956 wrote to memory of 2316	1956	Unicorn-65132.exe	107

C:\Users\Admin\AppData\Local\Temp\4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe
"C:\Users\Admin\AppData\Local\Temp\4d60ee8e365db8d351820741724d7a313d27fdc773a7042b61908fa4f6408a3bN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50757.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        8⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        9⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        8⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        7⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52054.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        7⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        8⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        7⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        7⤵
        
        PID:18556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        7⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        7⤵
        
        PID:18436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        6⤵
        
        PID:20232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        8⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        9⤵
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        8⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        8⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18835.exe
        7⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe
        7⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57833.exe
        7⤵
        
        PID:17844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
        8⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        9⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        9⤵
        
        PID:18940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        8⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        8⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        8⤵
        
        PID:18548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        7⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        7⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42769.exe
        6⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe
        7⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        7⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        6⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        6⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        8⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        8⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
        7⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38898.exe
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33152.exe
        7⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
        7⤵
        
        PID:18508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        6⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
        6⤵
        
        PID:17684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        7⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        7⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        7⤵
        
        PID:19740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        6⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        5⤵
        
        PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
        8⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        9⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        9⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        9⤵
        
        PID:17756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        8⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        8⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
        8⤵
        
        PID:18496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35177.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32384.exe
        8⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        7⤵
        
        PID:18564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        8⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64365.exe
        9⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        9⤵
        
        PID:20152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        8⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        8⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        8⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        8⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        8⤵
        
        PID:18732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        7⤵
        
        PID:18148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        7⤵
        
        PID:17808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        6⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        6⤵
        
        PID:19196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        8⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53042.exe
        8⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        6⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        7⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        7⤵
        
        PID:18540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        6⤵
        
        PID:19460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
        7⤵
        
        PID:14732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        6⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
        5⤵
        
        PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59482.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        8⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        7⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
        6⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        6⤵
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        6⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        7⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
        7⤵
        
        PID:19124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        5⤵
        
        PID:536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        7⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe
        7⤵
        
        PID:19368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        6⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        7⤵
        
        PID:20476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        6⤵
        
        PID:12896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        6⤵
        
        PID:18356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        5⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        5⤵
        
        PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8587.exe
        5⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2059.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        6⤵
        
        PID:19572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        5⤵
        
        PID:16872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
      4⤵
      PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        5⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        5⤵
        
        PID:18428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51230.exe
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
      4⤵
      PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        9⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52458.exe
        9⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
        8⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        8⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
        8⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        7⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 644
        8⤵
        Program crash
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        7⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
        7⤵
        
        PID:17544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
        6⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
        8⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        9⤵
        
        PID:18740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        8⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        8⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        8⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        8⤵
        
        PID:19008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        7⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        6⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        7⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        6⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        6⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe
        8⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        8⤵
        
        PID:18384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        8⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        8⤵
        
        PID:20144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        7⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60400.exe
        7⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        6⤵
        
        PID:18420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
        5⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
        7⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        6⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9337.exe
        7⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        7⤵
        
        PID:20024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        5⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60673.exe
        5⤵
        
        PID:19192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
        6⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        8⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        8⤵
        
        PID:18684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53055.exe
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        6⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22540.exe
        7⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        6⤵
        
        PID:20164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
        6⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        7⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        7⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        7⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        7⤵
        
        PID:18964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        6⤵
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40865.exe
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
        5⤵
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        5⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        7⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        6⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        6⤵
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        5⤵
        
        PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        5⤵
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
      4⤵
      PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
      4⤵
      PID:12388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
      4⤵
      PID:16812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        8⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        8⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51830.exe
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        7⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        7⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        7⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        7⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        6⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
        6⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        8⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        8⤵
        
        PID:19500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        7⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        7⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        6⤵
        
        PID:19028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        5⤵
        
        PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        6⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        8⤵
        
        PID:18980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        7⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        6⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        7⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
        6⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        6⤵
        
        PID:20220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        6⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        6⤵
        
        PID:18380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
        5⤵
        
        PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        5⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        5⤵
        
        PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33802.exe
        5⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        5⤵
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
      4⤵
      PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
        5⤵
        
        PID:19208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
      4⤵
      PID:17568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
        5⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        7⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31600.exe
        7⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        6⤵
        
        PID:18012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        6⤵
        
        PID:17556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        5⤵
        
        PID:20200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        6⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        7⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
        7⤵
        
        PID:19556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        6⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        5⤵
        
        PID:18252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34292.exe
      4⤵
      PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
      4⤵
      PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
      4⤵
      PID:18628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        6⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        5⤵
        
        PID:16328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14690.exe
        5⤵
        
        PID:19164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
      4⤵
      PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:19492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31267.exe
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
      4⤵
      PID:18260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
    3⤵
    PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        5⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
        5⤵
        
        PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
      4⤵
      PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
      4⤵
      PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
      4⤵
      PID:18144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
    3⤵
    PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
      4⤵
      PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65449.exe
      4⤵
      PID:4568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
    3⤵
    PID:15392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46354.exe
    3⤵
    PID:19644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52823.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        9⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        10⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:18528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        9⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        9⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
        9⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:18876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        9⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
        9⤵
        
        PID:19112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        8⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        8⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        7⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43053.exe
        7⤵
        
        PID:16936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        7⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42941.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        8⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        8⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17148.exe
        8⤵
        
        PID:18448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        7⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51213.exe
        7⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
        8⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-880.exe
        8⤵
        
        PID:19216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        7⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        7⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        6⤵
        
        PID:18264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
        9⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        9⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        8⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 412
        9⤵
        Program crash
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        8⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64250.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        8⤵
        
        PID:18932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        7⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        7⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
        6⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        8⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        8⤵
        
        PID:18372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        6⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32908.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
        8⤵
        
        PID:19672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        7⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        7⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41734.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
        6⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        6⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
        5⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        8⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        8⤵
        
        PID:18868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        7⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        7⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        7⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        7⤵
        
        PID:18036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15103.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
        7⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
        7⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
        6⤵
        
        PID:18724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        6⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        6⤵
        
        PID:18692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
        5⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        5⤵
        
        PID:19520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        6⤵
        Executes dropped EXE
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
        8⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        9⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        9⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        9⤵
        
        PID:18140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12518.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        8⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        8⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        8⤵
        
        PID:19036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        7⤵
        
        PID:19536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        8⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        8⤵
        
        PID:19044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        7⤵
        
        PID:20460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        6⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        7⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        6⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64365.exe
        8⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        8⤵
        
        PID:20032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        7⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
        6⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
        7⤵
        
        PID:18076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        6⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43285.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7957.exe
        5⤵
        
        PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        5⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        8⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        8⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61526.exe
        8⤵
        
        PID:17996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        7⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14690.exe
        7⤵
        
        PID:19184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
        6⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-880.exe
        7⤵
        
        PID:19176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23526.exe
        7⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
        7⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        6⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15816.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
      4⤵
      PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
        6⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        7⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        7⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        6⤵
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        5⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        5⤵
        
        PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        5⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
        6⤵
        
        PID:18484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        5⤵
        
        PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7570.exe
      4⤵
      PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
      4⤵
      PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
      4⤵
      PID:17520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        6⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19962.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        8⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        8⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        8⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        8⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
        7⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        6⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        7⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        6⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        6⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        7⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        5⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        6⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
      4⤵
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55436.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        5⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        5⤵
        
        PID:19020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        5⤵
        
        PID:14876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
        5⤵
        
        PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1542.exe
      4⤵
      PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
      4⤵
      PID:18852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49762.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
        8⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
        8⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        7⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
        6⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
        7⤵
        
        PID:508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        6⤵
        
        PID:11408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        6⤵
        
        PID:19980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        6⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        6⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2802.exe
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
      4⤵
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        6⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23526.exe
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        6⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
        5⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        5⤵
        
        PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14858.exe
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        6⤵
        
        PID:18996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        5⤵
        
        PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
      4⤵
      PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        5⤵
        
        PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
      4⤵
      PID:13188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        7⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        7⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        5⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        5⤵
        
        PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
        6⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
        6⤵
        
        PID:18520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        5⤵
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        5⤵
        
        PID:19228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
      4⤵
      PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
      4⤵
      PID:11516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
      4⤵
      PID:17080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
    3⤵
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42089.exe
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        5⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        5⤵
        
        PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
      4⤵
      PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
      4⤵
      PID:17704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
    3⤵
    PID:6892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
    3⤵
    PID:9416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
    3⤵
    PID:15144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58785.exe
    3⤵
    PID:5320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        6⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
        9⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27122.exe
        9⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        9⤵
        
        PID:18092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        8⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        8⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        8⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        8⤵
        
        PID:16780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        8⤵
        
        PID:19244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        7⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-508.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        7⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        7⤵
        
        PID:19152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        6⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        7⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        6⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        5⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        7⤵
        
        PID:18248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
        6⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        5⤵
        
        PID:16348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        7⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39523.exe
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        6⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        6⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12518.exe
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        5⤵
        
        PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
      4⤵
      PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        5⤵
        
        PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        5⤵
        
        PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
      4⤵
      PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
      4⤵
      PID:15428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
      4⤵
      PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        5⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13183.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        7⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52858.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        6⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        6⤵
        
        PID:16856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
        6⤵
        
        PID:19732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        5⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        5⤵
        
        PID:18572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        6⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        7⤵
        
        PID:18712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        6⤵
        
        PID:18920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        6⤵
        
        PID:18860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60573.exe
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11201.exe
        5⤵
        
        PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31891.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        5⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        5⤵
        
        PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
      4⤵
      PID:11576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
      4⤵
      PID:16884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
        6⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
        7⤵
        
        PID:20112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50909.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
        5⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        5⤵
        
        PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        5⤵
        
        PID:16864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        5⤵
        
        PID:17012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
      4⤵
      PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
      4⤵
      PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
      4⤵
      PID:17580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36521.exe
    3⤵
    PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        5⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        5⤵
        
        PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
      4⤵
      PID:11796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
      4⤵
      PID:1224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
    3⤵
    PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
      4⤵
      PID:15200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
      4⤵
      PID:17956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe
    3⤵
    PID:10172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
    3⤵
    PID:15412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
    3⤵
    PID:17644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
        8⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
        8⤵
        
        PID:17532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        6⤵
        
        PID:15216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23526.exe
        6⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51539.exe
        6⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        5⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe
        5⤵
        
        PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        7⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        6⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        6⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        5⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        6⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
      4⤵
      PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
      4⤵
      PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12943.exe
      4⤵
      PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        6⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        5⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
      4⤵
      PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12891.exe
    3⤵
    PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
      4⤵
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        5⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        5⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        5⤵
        
        PID:18096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25830.exe
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
      4⤵
      PID:14432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe
      4⤵
      PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
      4⤵
      PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
      4⤵
      PID:16244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
    3⤵
    PID:11544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
    3⤵
    PID:17084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2946.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
        5⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
      4⤵
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
        5⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        5⤵
        
        PID:17984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
      4⤵
      PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
        5⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        5⤵
        
        PID:18700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
      4⤵
      PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
      4⤵
      PID:18460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
    3⤵
    PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
      4⤵
      PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
      4⤵
      PID:15876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
      4⤵
      PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
    3⤵
    PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
      4⤵
      PID:17884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38189.exe
    3⤵
    PID:11112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
    3⤵
    PID:16588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
    3⤵
    PID:9460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        5⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        5⤵
        
        PID:20084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
      4⤵
      PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
      4⤵
      PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
    3⤵
    PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
      4⤵
      PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
    3⤵
    PID:11040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
    3⤵
    PID:16360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
    3⤵
    PID:14736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
  2⤵
  PID:5308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
    3⤵
    PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
      4⤵
      PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        5⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
      4⤵
      PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
      4⤵
      PID:5668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
    3⤵
    PID:9816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
    3⤵
    PID:15460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
    3⤵
    PID:4916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
  2⤵
  PID:6700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52074.exe
    3⤵
    PID:15324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13299.exe
    3⤵
    PID:18240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
  2⤵
  PID:10788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
  2⤵
  PID:15864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19.exe
  2⤵
  PID:18896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5988 -ip 5988
1⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 10888 -ip 10888
1⤵
PID:10312

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:19748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe

Filesize
468KB

MD5
2735e0d8d51fe631ad853c1be676238c

SHA1
69dd89668f5b883fab267c19411ea1feb1845aed

SHA256
18fc7a756ac74491e9fc9ee91d202d42e6201bb2d31341ee66a5decd588c919e

SHA512
4dc5fe1b2066473eee94b16b4cc009b96e9439ae6cb0f236866ca85017b000e462b6e75465d12fc500d8556c1ee0e43b22f4ee3d24cd38ced9ce38fe1a857323

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe

Filesize
468KB

MD5
c4ce7ddfc6a6d253139c0c123403ae00

SHA1
9bc3fb143dc2cf87f8e9665daddf43a3b9986f05

SHA256
a72b274ec096fd7b493726e4dbee08ef6a40ffb4c0ef1ec3ce5f42bff3c9401d

SHA512
0fcdf8662f6f6adaecb24d2f821bc1043f37395a861928210c7b7d70c0f5543d89abfb586135de20163fa36832c71b136a7b490409157d6daa02efa7d2e0b5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe

Filesize
468KB

MD5
0b2ab67b397782cb6ddebcc118f68099

SHA1
a2fa38fb19d35c59d17cd5040d00df24be1b32a8

SHA256
7a604b9bc7330c2a4e62e3ff390234559f54fd48b7fe4709917c481a9c9190f2

SHA512
7757df7a6b51d0290adafc21d6596a546214554ba77f1e5703a947291bf6ddff13602096d7fa256d273f585055958d84d278d8549b5d5b90587cb78e3f247489

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe

Filesize
468KB

MD5
800f7538af0db23a076c70370e297460

SHA1
6497e8561ad7025465f8a8e2bb665c49c404f349

SHA256
52773c1058230666061cc563250babd0bcd68dee83dbc2a0221e14338230691e

SHA512
44e1ced2e76af091be20a537685afc5d8d7a1ed3a03fc889da1747bed6f8fbec8d9ba5d7e5b48221f322d9dcdeb02cd5ada613902f27728e52d51140d056f38a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19070.exe

Filesize
468KB

MD5
99770b2882cedb4c66d399ad092770d9

SHA1
3c89ded4c8875ff36cdc0d72e41ed67c9f4767f5

SHA256
054282798ddfbc84a5506c653d82266919cf0378a2120242e8ffd251819336a7

SHA512
e1a7e86c00211ac8b5f21038919748ed46409cdd9f46a1090e8e39fad98dd39312f4743efa9451f0985274b1109927be2b664c1b51eb73ada8f0db0b797e52cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe

Filesize
468KB

MD5
10703ee79ba8d207194de57ac60bedcd

SHA1
36552a24c8da813d45d962ce16a4038f721e3ae0

SHA256
4d3c3a7b626a2ec288777e83c9d8793e0e55ea8481f6900d6f42edfa7bede0c3

SHA512
a5530c7d1e4b1ffb12b6bc5027f2c4e96a58da728e878fe78f4bbf8726ec753d8a70a29d8ea629a3d323f145289c2742434c7f166798b9f145b0276973b5dde6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe

Filesize
468KB

MD5
d969a38743df77467b595820af1f6f33

SHA1
09480d7f21ab438f8725fa50cc403265d96e6200

SHA256
44ae3fc0b7b2dea07df60923a6381cc76adad8a2ad4cb5673669a34722027226

SHA512
22b1c259f3f8040c27a59f116c012d6aae61c19accd50ec01cd89e87e484153435b451f491e29e1bea243b110eb3b114e88385ae265cc970fa536f8f2f2626e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe

Filesize
468KB

MD5
8f26ee0545c6d340718d0b02af84898f

SHA1
d5551fb11ac36b491b21dd7feb9fe4b2f8d5e6df

SHA256
07d61686426827d2ddb61a64f80a1e87943191f4da0635c1f118b5fc7de0a62a

SHA512
a87bace91ca3d05371ae5c0ee76aea974669dc18bb75f2a69e1b89f4321b204e7821313e9a30a7f99c8ee41ede418efdd5fcc124ea559bfa2886fc25e438a18b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe

Filesize
468KB

MD5
7241b500b8148f41fe7000d74592437c

SHA1
e3089230595fa3076e5910239992b19468919eca

SHA256
4c4b7d4cb89d1fbbbcec7ceb985734dcee0add93d40a5290cc627159b13584ba

SHA512
368cff12ae6e04f1196c09eb54412385805476e06c3b7ee1fbea86979be0a7069abbc87fc2bcfb4e055e68bc82eeb07a0ce23470ee5a1c4e91660034f0eeb691

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe

Filesize
468KB

MD5
09f2dd03378faf888f3722296a1b4940

SHA1
9d393faceda3a2663441f7b57ba4fcacfcdff456

SHA256
156f33525dd0ebf2d068328a8abf0f1a35399a6df500ff0d2651dcdc2c85dd7c

SHA512
cf88cd83ea52ce64f83892f0a0595a139d6744dc4c1a6701ab93c417fed5c497444575621040a13789e82288c8a3aa497fa31d08a143d72160f8ebfc61fb5777

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe

Filesize
468KB

MD5
27737f8536c4f4cbf7a68d93f4bb9d48

SHA1
1e51b69e603899cf46b2a8967108c044dfe98517

SHA256
d4f461f43f30e4c52d6d30b197f81fcb248f4a92ef75a31b8ff3e3a8430ba4d7

SHA512
5565a92c090e22bcd073b915a74f90c0ef659cb11af460fb14a1a74d5544d56e21b340741d8b012db2e5ddd7947896e4ea33c92e08f1db51fab4d7373302cb4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe

Filesize
468KB

MD5
c80fed7839aeb0b41fd9368aed62bc6a

SHA1
36d1d66c12f0754fb5db38ce2bbd6f055b43ad36

SHA256
a6a3873af3efc30a09aaa837f77624b8013661e7a877baf9292335ad5df48fcc

SHA512
2417bbd9886b9f9f2eac3d503b13260c46f7934fa90a7afadc8af0d5247266c237f38fbd3d3ca6e03cd2baefa4bfe6cda6dec58e8d343446ca35014af85bd02c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe

Filesize
468KB

MD5
529c5344899cec1629940637e42aa617

SHA1
92b4972458e613a9ff15104155b84132fd8cafb4

SHA256
78a9b06ae083268a41db84c299ba4248b39ecf8cf4bd1631d557b999bbee5a5f

SHA512
3c88f655eced951c2cc361765c03b9617f188dfbb25da0b83ed7d9ba0f5212a3a5a26b097583bf36bc7cf24e7fa7831054a2724ca1f926e8769837b2d8ff9e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe

Filesize
468KB

MD5
f31050c4df0455c6931fa291fe6dd59e

SHA1
06aac12f9f9d6591854cb5a061d74e9e9904bc12

SHA256
f471e340bc117325eb810e0a2390493d7cbfe396f11c2d9a85fc9f2c397b037d

SHA512
fe28c4107b21df121ca78ff76184cbee83fbf9a60b8de5afb952fa0f32a44b0df1bb4a23d62fa23499dec7c554e86a8dea62d168a69604d09a87633ec2f634ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe

Filesize
468KB

MD5
b3afdad320b16281583981f860128de5

SHA1
87b3fc4a236bf5d0d943596bf3f7000855ec468e

SHA256
bf3d052ec74bcadb3a821b990f502f86baf575a7ce7ff00d13fcb5768598b062

SHA512
96dd7cab66af26e0318f22703568d5b9d109f4e32e103a5dcef8c7a424c1d6a67fd1922c1ae1a5ebc04df517c0936b508ac6a9ffbbbe004cd6956bba2ba4ee57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe

Filesize
468KB

MD5
8ca9d952ab901fb61ee37e68226a1fb6

SHA1
aee105ffac07d3d0b6c3c0253f6cd3a48c8d7bb5

SHA256
1d386deae680ab4d9c6c3e02a94fd9c1168ddce119c758665e131044ac8d1619

SHA512
a033a104f8f93cf11a50ac5fda2f382bf434fb33a4bb537df692c48208d4e9ef0cba4aef7ea84332b13afc43e0bd2020db211320348a5e65968f8fe60ff99368

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe

Filesize
468KB

MD5
289db2c559d9c4f6aff5dd7e810c1195

SHA1
ab9c9ce85a0a8de91d47cc6615075247780824c7

SHA256
8439098015c06c934b7f62c84c57ef006e1067f0958ae41c1e423a793f454c01

SHA512
2f8c43a8f3f461c464b150086ade4aebcc1ba87f3321286ffce358c8cf3615bc78bec22de00adc4c0b71b552b420908d89fbfacc6f90541b8af7b70bf450d6d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe

Filesize
468KB

MD5
33a58fc87b76cb50f7ab6fc37ceaf594

SHA1
65b9c62faef92ea72db08774be8b6b946311a7c1

SHA256
c94e322de93a78db88df4fbafcbfdb552f1372a1f2daa8cce07a0e128739bf13

SHA512
7ad18b2b054e91d84d0b7109648fc8ff8b13333577250a23b6ed3cc13c301b70481db54bf8db2a6b6473d27b1a8d35c888c85688b433896f98006109a40c85b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe

Filesize
468KB

MD5
a0721c4f8ae0c207d9746cfa59c45b9d

SHA1
d40b118392ea11b9135c564d0a3982fcac855e18

SHA256
12bf0aabb2a9a71c1ce03e2a020c220cb8606a5ab204bec23a3fe2a07921ec9c

SHA512
30b4d5da690830b8d258540f06802db687d67c76ae4c719d977b417f1b520e683175cd2a52edabf5ec1d1793fbf29aac555558f765b5f6bcd5896848007fc838

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe

Filesize
468KB

MD5
41f9519dceb16ec3140ccb62d856e9de

SHA1
ad7d7ca89bb043924cc096b4854e622571bd83a7

SHA256
7238c22bbe5166c21e21cf1d06c3bdbb94ded7572b5369f9cf17206d9bad8e0d

SHA512
cb19f9eb0ec07e26ba42258b4b53eb36101e2f0647fcc75d922e090d7a6f30caf7a22d768b72e03ca4d58917895cdbb239b56213dc50c627f84acbd7b19495d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49762.exe

Filesize
468KB

MD5
ab0fa2782b8612593d0a1c62471dde14

SHA1
d2746ceabbc77d0c3fc52c19abab0fa3f37ca908

SHA256
118dc7faeb1b6ad3d875df865b0dc3a9f40600246075700717d927f32bf3dc76

SHA512
c9b99b2a83258a56f47f4275a44f6c42a33407445ce10bccb1a899b67fb5b123544228904c1968b5e9dc743efe197bcbec0f8f508daa3d5a7b9461e89dfff268

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50757.exe

Filesize
468KB

MD5
1238437c93b4f32cd513a574d808be12

SHA1
715b9dc161b63d2a9334449ab6ba662893b2bc4d

SHA256
5cf0cdb370418ca10f9232dbfd59c5cb9a72ddfc2e0fea6821af2c20e3a9c782

SHA512
1dd46b6147d560346bf6484dea737848f840f6642902009f7d7f7b58d2414db143e9dd983fc8b08ffac628be3fbfaf0da0dcd27aa5125a4a86c4a4335952c7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52823.exe

Filesize
468KB

MD5
52c264dca4480590a28bb7172129b798

SHA1
ced71b5dd8c982bd9716333a1493ba4a3002a356

SHA256
50fa86f72df20bbadbaa18c2d58f4487626e883aec88baf4a0e818e3b076f6ce

SHA512
cda103f0d22a77f0e5729a44e4f6c261b413ed5e3b9f0ccb65c3e0b9318d844d895b7188659f5ea8e2537fda8d21f46f6aa262b6c0e9a2d05b6e36e8ba90bb9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe

Filesize
468KB

MD5
8af26e693e1ced00947d1a2213a774e1

SHA1
feab7ba29ecc2797a3bf44b68935f26a43cefd7e

SHA256
630d8f35cd9d9b37624ee7d1bb824ff73d15247f2d1c17ef5b2027e04ec27fa3

SHA512
62b4af765c2876fa5eba4b94b3e6686cc1359681e16fd47d75562876444aa6166644e0f82bee5f395e7703e11bc5df264c13ab0a9c66ca766f8a2d2a28a674e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe

Filesize
468KB

MD5
d8231acb52de62a2ade739df7bdc485e

SHA1
1bb47a2d70f60a3738b1b8fd8f3208bc87245c32

SHA256
dabacbe5fd8bfbce16bd94524e5d49142946a6a34d8e3f822064d1243e7cd801

SHA512
cd2e3ce6b02e3f63c32e81b516c02d0cbdfa62aa23e72efbc2541dc6ef261ac8e54aa62f0c02ad3e0f6b8fa35a407ae9b80283f3a55947b8be477e417712ccf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe

Filesize
468KB

MD5
861f96ea25ee65f0af68485cfde1e8ce

SHA1
a9cb15c049c5bc2f24737f25910f27388f266480

SHA256
e186766fabe89595a2adff5efab4701930bcd9c1952d1017165e19cab9445389

SHA512
5ad796f57b396fe7f223d5a93d737d7ca53b163c0a3f272183272ae5ea33f0d544055b86fe47d1bff09e4992f989135170474d0b506467295b53943b8b7d0d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe

Filesize
468KB

MD5
e03105f51eacae7e4724e4408fe9ad4f

SHA1
5680affa88773dab66918b04ccd64e5d829413af

SHA256
7bee3570f6a55ba7b01f86847e2deecdbe597c1599889939d5c93e33e177c32f

SHA512
ab35594036b42f1291d26d6d8e09fdfa2938d347f05e2bef0337e59eaf12ebe9d41e2d67e121d042b0eaf3122de60d034e36a4cc1a0420edd66ab809809b4e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe

Filesize
468KB

MD5
83ff27c06c16a9abe11cc0a13fa37572

SHA1
b4305d3d1b86de0ecda5b708d7f9254dfe71e69d

SHA256
892f728d416aa462209dce5f6acece0a4497fa4217a7ee7996656ce1aa6e617e

SHA512
3caae358c580a5f64f80c6ae5c5da28c7adc46aa659efe88611548bdbe4a76509c5722ae2e30f3dc7f018b5ccfa9fe80a448748437b8343640606fe7e247e11f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe

Filesize
468KB

MD5
0f11af94f825985b28b4b4442c229194

SHA1
a75486bdbccca212589040630dd8a46765a19b7a

SHA256
23445cfaddadfd09483acff409c6206f2d3c5e4801139b22a6989cbb8cb70e58

SHA512
3a47cca284bd7dee52767cc3e6fe634025a10daab3dae939537c80f5eb4705f1f02b830789592d96a341d3a113a2417dfa8a8600c43bcb30d06ad6b65f0463e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe

Filesize
468KB

MD5
98438f9092dee2685eb59b1e1eb74280

SHA1
0eec27e90f4a945b8519be63fcbe44903aed7670

SHA256
b49df50800486bc38dc579703741c027d3b78db833a2b18b4275ba3c0684b7fa

SHA512
59193332d863c973eefa17b3139d6c1e1d21c0be6f9cff54acb9eb9145f6de17cc3e41fbc67427613a0468208a0667048a33662a12a8b25d013592e44710baf4

Download Submit
memory/4024-2395-0x0000000076940000-0x0000000076A13000-memory.dmp

Filesize
844KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads