22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2d

Analysis

max time kernel
118s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe
Size

468KB
MD5

5d5508cc5894c3c4e4ecb382010e36f0
SHA1

da78224bf03dd88c30495983c3968aaa0561ef30
SHA256

22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2d
SHA512

cbd139ff01015070be7a5468b90158a5eaa360681ab6c08fdf9963ab9f8a62d005c15d6ebf8624d5066446910245fb3a5e334dc0651b8efbf8326a97b580335f
SSDEEP

3072:N6qCowlCI03YtbY7PzcjNfT/rChZ4Ipvn1HCBVLvs0Fp5mpNGGlJ:N6Xo2OYtIP4jNfr083s0zApNG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1068	Unicorn-38770.exe
3412	Unicorn-56868.exe
2924	Unicorn-35933.exe
1432	Unicorn-50039.exe
1508	Unicorn-46702.exe
2728	Unicorn-60437.exe
4400	Unicorn-14325.exe
3724	Unicorn-41591.exe
2848	Unicorn-38253.exe
4048	Unicorn-43821.exe
3352	Unicorn-58119.exe
4464	Unicorn-485.exe
5052	Unicorn-51399.exe
1444	Unicorn-37101.exe
3900	Unicorn-14045.exe
400	Unicorn-52935.exe
1556	Unicorn-61103.exe
2944	Unicorn-41237.exe
2628	Unicorn-20263.exe
3628	Unicorn-3926.exe
1616	Unicorn-52365.exe
2296	Unicorn-49598.exe
2592	Unicorn-3661.exe
5032	Unicorn-4620.exe
2460	Unicorn-63023.exe
4260	Unicorn-14014.exe
2276	Unicorn-59878.exe
3400	Unicorn-13941.exe
4936	Unicorn-22567.exe
536	Unicorn-32772.exe
2072	Unicorn-33749.exe
2212	Unicorn-54767.exe
4816	Unicorn-38623.exe
1712	Unicorn-38358.exe
3864	Unicorn-54959.exe
3292	Unicorn-30455.exe
1084	Unicorn-32684.exe
2896	Unicorn-38815.exe
2680	Unicorn-43453.exe
2828	Unicorn-12012.exe
2640	Unicorn-45639.exe
3084	Unicorn-58446.exe
1968	Unicorn-20943.exe
4604	Unicorn-4798.exe
3300	Unicorn-4798.exe
1788	Unicorn-9437.exe
4368	Unicorn-20365.exe
4704	Unicorn-33941.exe
2556	Unicorn-39701.exe
4104	Unicorn-49863.exe
3016	Unicorn-17191.exe
740	Unicorn-54694.exe
1160	Unicorn-43925.exe
1752	Unicorn-50055.exe
2020	Unicorn-53350.exe
1992	Unicorn-40543.exe
4008	Unicorn-40543.exe
4980	Unicorn-65047.exe
4220	Unicorn-48638.exe
2376	Unicorn-48141.exe
636	Unicorn-8062.exe
1596	Unicorn-42965.exe
4508	Unicorn-37205.exe
4392	Unicorn-55447.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
5240	17044	WerFault.exe	828
448	3696	WerFault.exe	901
5696	7620	WerFault.exe	313

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45383.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2412	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	760	dwm.exe
Token: SeChangeNotifyPrivilege	760	dwm.exe
Token: 33	760	dwm.exe
Token: SeIncBasePriorityPrivilege	760	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe
1068	Unicorn-38770.exe
3412	Unicorn-56868.exe
2924	Unicorn-35933.exe
1432	Unicorn-50039.exe
1508	Unicorn-46702.exe
2728	Unicorn-60437.exe
4400	Unicorn-14325.exe
3724	Unicorn-41591.exe
3352	Unicorn-58119.exe
2848	Unicorn-38253.exe
4464	Unicorn-485.exe
4048	Unicorn-43821.exe
5052	Unicorn-51399.exe
1444	Unicorn-37101.exe
3900	Unicorn-14045.exe
400	Unicorn-52935.exe
2944	Unicorn-41237.exe
1556	Unicorn-61103.exe
1616	Unicorn-52365.exe
5032	Unicorn-4620.exe
2628	Unicorn-20263.exe
3628	Unicorn-3926.exe
2296	Unicorn-49598.exe
2592	Unicorn-3661.exe
2460	Unicorn-63023.exe
4260	Unicorn-14014.exe
2276	Unicorn-59878.exe
3400	Unicorn-13941.exe
536	Unicorn-32772.exe
4936	Unicorn-22567.exe
2072	Unicorn-33749.exe
2212	Unicorn-54767.exe
1712	Unicorn-38358.exe
4816	Unicorn-38623.exe
3864	Unicorn-54959.exe
3292	Unicorn-30455.exe
2896	Unicorn-38815.exe
2680	Unicorn-43453.exe
1084	Unicorn-32684.exe
2640	Unicorn-45639.exe
3300	Unicorn-4798.exe
2828	Unicorn-12012.exe
4604	Unicorn-4798.exe
1788	Unicorn-9437.exe
4704	Unicorn-33941.exe
1968	Unicorn-20943.exe
4368	Unicorn-20365.exe
2556	Unicorn-39701.exe
3084	Unicorn-58446.exe
4104	Unicorn-49863.exe
3016	Unicorn-17191.exe
740	Unicorn-54694.exe
1160	Unicorn-43925.exe
1752	Unicorn-50055.exe
2020	Unicorn-53350.exe
1992	Unicorn-40543.exe
4008	Unicorn-40543.exe
4980	Unicorn-65047.exe
4508	Unicorn-37205.exe
1596	Unicorn-42965.exe
2376	Unicorn-48141.exe
636	Unicorn-8062.exe
4220	Unicorn-48638.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 1068	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	82
PID 1624 wrote to memory of 1068	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	82
PID 1624 wrote to memory of 1068	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	82
PID 1068 wrote to memory of 3412	1068	Unicorn-38770.exe	87
PID 1068 wrote to memory of 3412	1068	Unicorn-38770.exe	87
PID 1068 wrote to memory of 3412	1068	Unicorn-38770.exe	87
PID 1624 wrote to memory of 2924	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	88
PID 1624 wrote to memory of 2924	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	88
PID 1624 wrote to memory of 2924	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	88
PID 3412 wrote to memory of 1432	3412	Unicorn-56868.exe	90
PID 3412 wrote to memory of 1432	3412	Unicorn-56868.exe	90
PID 3412 wrote to memory of 1432	3412	Unicorn-56868.exe	90
PID 1624 wrote to memory of 2728	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	91
PID 1624 wrote to memory of 2728	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	91
PID 1624 wrote to memory of 2728	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	91
PID 1068 wrote to memory of 1508	1068	Unicorn-38770.exe	92
PID 1068 wrote to memory of 1508	1068	Unicorn-38770.exe	92
PID 1068 wrote to memory of 1508	1068	Unicorn-38770.exe	92
PID 2924 wrote to memory of 4400	2924	Unicorn-35933.exe	95
PID 2924 wrote to memory of 4400	2924	Unicorn-35933.exe	95
PID 2924 wrote to memory of 4400	2924	Unicorn-35933.exe	95
PID 2728 wrote to memory of 3724	2728	Unicorn-60437.exe	96
PID 2728 wrote to memory of 3724	2728	Unicorn-60437.exe	96
PID 2728 wrote to memory of 3724	2728	Unicorn-60437.exe	96
PID 3412 wrote to memory of 2848	3412	Unicorn-56868.exe	97
PID 3412 wrote to memory of 2848	3412	Unicorn-56868.exe	97
PID 3412 wrote to memory of 2848	3412	Unicorn-56868.exe	97
PID 1068 wrote to memory of 4048	1068	Unicorn-38770.exe	99
PID 1068 wrote to memory of 4048	1068	Unicorn-38770.exe	99
PID 1068 wrote to memory of 4048	1068	Unicorn-38770.exe	99
PID 1508 wrote to memory of 3352	1508	Unicorn-46702.exe	98
PID 1508 wrote to memory of 3352	1508	Unicorn-46702.exe	98
PID 1508 wrote to memory of 3352	1508	Unicorn-46702.exe	98
PID 1624 wrote to memory of 4464	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	100
PID 1624 wrote to memory of 4464	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	100
PID 1624 wrote to memory of 4464	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	100
PID 4400 wrote to memory of 5052	4400	Unicorn-14325.exe	101
PID 4400 wrote to memory of 5052	4400	Unicorn-14325.exe	101
PID 4400 wrote to memory of 5052	4400	Unicorn-14325.exe	101
PID 2924 wrote to memory of 1444	2924	Unicorn-35933.exe	102
PID 2924 wrote to memory of 1444	2924	Unicorn-35933.exe	102
PID 2924 wrote to memory of 1444	2924	Unicorn-35933.exe	102
PID 1432 wrote to memory of 3900	1432	Unicorn-50039.exe	103
PID 1432 wrote to memory of 3900	1432	Unicorn-50039.exe	103
PID 1432 wrote to memory of 3900	1432	Unicorn-50039.exe	103
PID 3352 wrote to memory of 400	3352	Unicorn-58119.exe	104
PID 3352 wrote to memory of 400	3352	Unicorn-58119.exe	104
PID 3352 wrote to memory of 400	3352	Unicorn-58119.exe	104
PID 1508 wrote to memory of 2944	1508	Unicorn-46702.exe	105
PID 1508 wrote to memory of 2944	1508	Unicorn-46702.exe	105
PID 1508 wrote to memory of 2944	1508	Unicorn-46702.exe	105
PID 3724 wrote to memory of 1556	3724	Unicorn-41591.exe	106
PID 3724 wrote to memory of 1556	3724	Unicorn-41591.exe	106
PID 3724 wrote to memory of 1556	3724	Unicorn-41591.exe	106
PID 4048 wrote to memory of 2628	4048	Unicorn-43821.exe	107
PID 4048 wrote to memory of 2628	4048	Unicorn-43821.exe	107
PID 4048 wrote to memory of 2628	4048	Unicorn-43821.exe	107
PID 4464 wrote to memory of 3628	4464	Unicorn-485.exe	111
PID 4464 wrote to memory of 3628	4464	Unicorn-485.exe	111
PID 4464 wrote to memory of 3628	4464	Unicorn-485.exe	111
PID 1624 wrote to memory of 1616	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	110
PID 1624 wrote to memory of 1616	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	110
PID 1624 wrote to memory of 1616	1624	22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe	110
PID 1068 wrote to memory of 2592	1068	Unicorn-38770.exe	108

C:\Users\Admin\AppData\Local\Temp\22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe
"C:\Users\Admin\AppData\Local\Temp\22dcb40db5eca7364dffe6df201608a17397eae5533622be5ed22185df16ff2dN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
        10⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
        10⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:17336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7116.exe
        10⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        9⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
        9⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17044 -s 484
        10⤵
        Program crash
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        9⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        9⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        8⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        8⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        8⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
        7⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        8⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        7⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2181.exe
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
        7⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
        7⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
        7⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        6⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        9⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12668.exe
        9⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-718.exe
        9⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8517.exe
        8⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        8⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 464
        9⤵
        Program crash
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        7⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        8⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        8⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
        7⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
        7⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        7⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        6⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        7⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
        6⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        6⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        5⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57151.exe
        7⤵
        
        PID:15672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        6⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        6⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56716.exe
        5⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        5⤵
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        7⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14148.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12668.exe
        7⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54159.exe
        7⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1020.exe
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        6⤵
        
        PID:17016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        6⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23189.exe
        6⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6654.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
        7⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        6⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        7⤵
        
        PID:15432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        5⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        5⤵
        
        PID:15280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        6⤵
        Executes dropped EXE
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        8⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52742.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37965.exe
        9⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe
        8⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        8⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        8⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
        8⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1621.exe
        7⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        7⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        7⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6125.exe
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        6⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        5⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        8⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        8⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        7⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
        6⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
        6⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1372.exe
        5⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        5⤵
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        5⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
        5⤵
        
        PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        5⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
        7⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        7⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        7⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53831.exe
        6⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
        7⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
        7⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        6⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        5⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        5⤵
        
        PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        6⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
        5⤵
        
        PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        5⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36364.exe
        5⤵
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15093.exe
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        5⤵
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
      4⤵
      PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
      4⤵
      PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
      4⤵
      PID:16356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        9⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        9⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
        9⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        8⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        8⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32151.exe
        8⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        8⤵
        
        PID:16828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        8⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13229.exe
        7⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        8⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        8⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        7⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39333.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        7⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        7⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29849.exe
        7⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        6⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        6⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        7⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        8⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1621.exe
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        7⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        7⤵
        
        PID:16548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65015.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        8⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
        8⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        7⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        7⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16436.exe
        7⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9685.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        5⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        6⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        7⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        6⤵
        
        PID:13936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
        6⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        5⤵
        
        PID:17008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        8⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
        8⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56965.exe
        8⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        7⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41351.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        7⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        6⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
        5⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
        6⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57422.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        6⤵
        
        PID:16392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        6⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
        5⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        6⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        6⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        5⤵
        
        PID:13692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        5⤵
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
        5⤵
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
        5⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        7⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23596.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3821.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        6⤵
        
        PID:16416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        5⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48134.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        6⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        5⤵
        
        PID:15688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
        5⤵
        
        PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
      4⤵
      PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
      4⤵
      PID:14356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
      4⤵
      PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        6⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        8⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
        8⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37053.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15661.exe
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56734.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        7⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
        7⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        6⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
        7⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
        7⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20413.exe
        7⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55438.exe
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
        6⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        6⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        5⤵
        
        PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        5⤵
        
        PID:17344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43453.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        5⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        6⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3732.exe
        7⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        7⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        6⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        7⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
        6⤵
        
        PID:10600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        6⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28861.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        5⤵
        
        PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
      4⤵
      PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
      4⤵
      PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        5⤵
        
        PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
      4⤵
      PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
      4⤵
      PID:16900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38815.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43439.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        7⤵
        
        PID:16488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        6⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        6⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
        6⤵
        
        PID:60
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        5⤵
        
        PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
      4⤵
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32476.exe
        6⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
      4⤵
      PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
      4⤵
      PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
      4⤵
      PID:13420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
      4⤵
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58343.exe
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        5⤵
        
        PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
      4⤵
      PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
      4⤵
      PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
      4⤵
      PID:16612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
    3⤵
    PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        5⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
        5⤵
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
      4⤵
      PID:14252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
      4⤵
      PID:16972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
    3⤵
    PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
      4⤵
      PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
      4⤵
      PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
      4⤵
      PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
      4⤵
      PID:4576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        9⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        9⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        9⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5338.exe
        9⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        8⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        8⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        8⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        8⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        7⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        7⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
        6⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
        6⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51695.exe
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
        7⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        8⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
        8⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
        8⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
        8⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
        7⤵
        
        PID:13444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        7⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        6⤵
        
        PID:10352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        6⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        7⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        6⤵
        
        PID:15588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        6⤵
        
        PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        8⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
        8⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        7⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
        7⤵
        
        PID:14744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        6⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
        7⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        7⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        6⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        7⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        6⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        5⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
        5⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        6⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11924.exe
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        5⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        6⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        5⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
        5⤵
        
        PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
      4⤵
      PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
      4⤵
      PID:16972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
        8⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        7⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        7⤵
        
        PID:17092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9077.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        7⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
        7⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        6⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
        6⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39206.exe
        6⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
        5⤵
        
        PID:14848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        7⤵
        
        PID:16816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        7⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        6⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43581.exe
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        6⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        5⤵
        
        PID:14832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
        5⤵
        
        PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        5⤵
        
        PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
      4⤵
      PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35551.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        7⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        6⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37542.exe
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe
        6⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        6⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48613.exe
        5⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58469.exe
      4⤵
      PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
      4⤵
      PID:15640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
      4⤵
      PID:17120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
      4⤵
      PID:5288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
      4⤵
      PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
      4⤵
      PID:16476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
    3⤵
    PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
      4⤵
      PID:7620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 684
        5⤵
        Program crash
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
      4⤵
      PID:11124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
      4⤵
      PID:15768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
    3⤵
    PID:6988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
    3⤵
    PID:8768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
    3⤵
    PID:15056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
    3⤵
    PID:2988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60437.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60437.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41591.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        6⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        8⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        8⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13229.exe
        6⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62966.exe
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        7⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        6⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        6⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
        5⤵
        
        PID:17236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        7⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        6⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        6⤵
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        6⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
        6⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        5⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        5⤵
        
        PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
      4⤵
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        5⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        6⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        6⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49197.exe
        6⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        5⤵
        
        PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        5⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        5⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
      4⤵
      PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe
      4⤵
      PID:14664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
      4⤵
      PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
      4⤵
      PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
        5⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31765.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        6⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
        6⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29885.exe
        6⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21349.exe
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        5⤵
        
        PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        6⤵
        
        PID:16584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        6⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65482.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
      4⤵
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
      4⤵
      PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
      4⤵
      PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
      4⤵
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        6⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31765.exe
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
        5⤵
        
        PID:17084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
      4⤵
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        5⤵
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
      4⤵
      PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
      4⤵
      PID:13428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
    3⤵
    PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        6⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        5⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        5⤵
        
        PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
      4⤵
      PID:15452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
      4⤵
      PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
      4⤵
      PID:6580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
    3⤵
    PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2917.exe
    3⤵
    PID:9648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
    3⤵
    PID:13512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51075.exe
    3⤵
    PID:6156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        8⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4677.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
        7⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30380.exe
        7⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        6⤵
        
        PID:16524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
        6⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        6⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        5⤵
        
        PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36335.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        6⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        6⤵
        
        PID:16584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        6⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe
        6⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        5⤵
        
        PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44110.exe
        5⤵
        
        PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37822.exe
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
      4⤵
      PID:13848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
      4⤵
      PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
      4⤵
      PID:6128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62119.exe
        6⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        6⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51206.exe
        5⤵
        
        PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
      4⤵
      PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        5⤵
        
        PID:11544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
        5⤵
        
        PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
      4⤵
      PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
      4⤵
      PID:13744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
      4⤵
      PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
      4⤵
      PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
    3⤵
    PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        5⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        6⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        5⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        5⤵
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
      4⤵
      PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
      4⤵
      PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
      4⤵
      PID:16556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
    3⤵
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
      4⤵
      PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
      4⤵
      PID:14048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19452.exe
    3⤵
    PID:9708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28205.exe
    3⤵
    PID:13504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56639.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
      4⤵
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61558.exe
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60446.exe
        5⤵
        
        PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
      4⤵
      PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
      4⤵
      PID:12724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40541.exe
      4⤵
      PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
      4⤵
      PID:17368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
    3⤵
    PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
      4⤵
      PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
      4⤵
      PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
      4⤵
      PID:17152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
    3⤵
    PID:8376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
    3⤵
    PID:13364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
    3⤵
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        5⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
        5⤵
        
        PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
      4⤵
      PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
      4⤵
      PID:13028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
      4⤵
      PID:16988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
    3⤵
    PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
      4⤵
      PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
    3⤵
    PID:10260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
    3⤵
    PID:14872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
  2⤵
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
      4⤵
      PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        5⤵
        
        PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
      4⤵
      PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
      4⤵
      PID:15284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
    3⤵
    PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
      4⤵
      PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
      4⤵
      PID:3584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
    3⤵
    PID:11564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15548.exe
    3⤵
    PID:15960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
  2⤵
  PID:7124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
    3⤵
    PID:14496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
    3⤵
    PID:17296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
  2⤵
  PID:9480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
  2⤵
  PID:12828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
  2⤵
  PID:16496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13108.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13108.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7620 -ip 7620
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 17044 -ip 17044
1⤵
PID:16920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3696 -ip 3696
1⤵
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 16452 -ip 16452
1⤵
PID:16432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 16908 -ip 16908
1⤵
PID:17284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 16556 -ip 16556
1⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 15372 -ip 15372
1⤵
PID:2100

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2876 -s 3712
1⤵
PID:4752

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:2412

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe

Filesize
468KB

MD5
a87e50e46eaf7aad7b82ed0da77edd07

SHA1
4ba53594fa83ea75e79cdb9709ba3c52eff49ca0

SHA256
e207047c5f7d38b317eb072135c5950e4888adab192e8f69ac6b1788327af95d

SHA512
1173c3278fa77c406248214c1c605f0db5659a8a6d639428221740e0666228e9decaf91550d95c30ce6aadd6e57d3899feac408c6dc19b9312e27b7c283b026f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe

Filesize
468KB

MD5
2aa083ea4de5ef141182603dbac44139

SHA1
bce4713f67513561634f7a8a2637793f349dd60c

SHA256
2e465b3382007faa23c7285d736345246d804bfb3ce99da3b80e302c485e02ef

SHA512
286e4ba81f56b554a460da29a84663284837c13ae43e3ce3da2e285a9d53fc4f0ac2bce6c04d08a9f1ec9d9efdbb2005a04be3e6d521baeed168c66e2cc003d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe

Filesize
468KB

MD5
f620adb7f14eda28d356fc71a8ea4fda

SHA1
a65784888386b88aa0ed7b54d6df566fa2ff2dac

SHA256
a7ad55b3551f5eca082034c7cf47e238c048a7d8466ac87001036b4677e13d67

SHA512
07175242bb54a20d98113d564eaed4a05c4135a7f574e7c31537a0d1708222b8bd6b86ae8cda4ce2850ce97ba810583776e384d73e3538db29730a309775aa26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe

Filesize
468KB

MD5
78231a38906655546984ac432fdc0bee

SHA1
073a82c5d7b90aaefaa3f9123d7a950746a12a61

SHA256
d6721f15b82c0f1330d980f781042ec68e69f97cd6b0e9c0df3de86b67c241a4

SHA512
a42cede5a8a6d969ec140f8dbf96218d083e29784b8a3fc2f104941fbe0a9abfbdf6059145736a093dd310f11b6c412e96641591c4f250d4eeb9104d481c8c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe

Filesize
468KB

MD5
e93cbba4890475e6b06a659ed6471dfb

SHA1
b4ddf62ddfad2cd68073b32849834f0c0fece94d

SHA256
5dd2eae27f71cde8279880e8f62322fa5ba0a9471c16f9fcfccbad303640b498

SHA512
6bc8390c2058c5011c3acc569f03acb33d0dc0d3e827d2a9edec1c5154c83083dd61ab27be212962bd6778f02442aa629730aea992e59046b379963b1ec061ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe

Filesize
468KB

MD5
6a7c694cdc4c6d1eb595b2f988467c06

SHA1
4234485a35d9c7410c228fbb225d12b0dd14e9e7

SHA256
4db7fbd4aa3933054749725b8c972e00722bf24c5ef7686c6652643babb06fbb

SHA512
2d3efeae97220976f092fcf2454875609d6c32a5f085163216e25ec31dce7dd33f8720f439eca81041116eb0e647ae2f442a333a87a63d37ef5c109ffbb10c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe

Filesize
468KB

MD5
82ca77ae1597f2c2404e4d0a4bf2bc1e

SHA1
9cae5cbeaada0865a5ef5e405973ba7a97099993

SHA256
cd1e3b8d58fb63ceab1b4d5cf9b35f8a413d5e128c6b2bd57ee853a4b9fda443

SHA512
c67a31515fcce92599ec8e92e3f43074a2422ba7ef08d68eac5d8c9d7e6dbb4850cb6ad01b61592e27e1f68de374ffd53cc4598cfb91c7cd175e89bd4f759583

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe

Filesize
468KB

MD5
b0d8e78016c21aea695d13465abd09a6

SHA1
1cd27f2a8636bb0195b3e7e950f5fa9fb85b8de3

SHA256
0bcfaa3ceac9c87f829b0fdfbb755be2238bf7a9c62a4ab152cd11705492035f

SHA512
d2870c3be0eecab861bc53585a27cfb6dce3e92115061d25b74399b3acdfc08eaa9c5017c3f8ceaa9e47293144366dbde628483b98bbe8c8623b22c782abfd89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe

Filesize
468KB

MD5
b5e9e736cc0e0770f6fcb991432bde0a

SHA1
b1b56ca6a9a7e74a04dd3d0d9e05148d541c5e98

SHA256
26b4e3e28b22ad8f7434a69eb933b604b1fbb5e86a15c17b4c355d18e4ba24b4

SHA512
29c344d4312384db81af2aa1797f0f218271e7ca05fc34b588f07645696044077513945269733a45598001c9602576349baf1feae7781e0dfc0a73e5651a119c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe

Filesize
468KB

MD5
225dc23b7eeb18df3b1cbced8b3b67d0

SHA1
c744e91a38ecbe79040270ea9374919aef7065a2

SHA256
e98129821f4d4fcd543ab080715e1a228acd2869b038e75f5238e4c1a432322a

SHA512
6303695b5c63837ba86df7314821df5a5ce5492bc69f754b806616b2c759f50add454f8861eeef4a7b6734932a9a686b6df101c9e3b51e7a3de8c1d21516d3d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe

Filesize
468KB

MD5
9b9ad2954cd2f8e29835417803ac44e8

SHA1
29109256a46e0d18306b9c1f793ef96f46a5b856

SHA256
48f03919853eae4c30b2c8af38b1783654653b8373d4b469b55dbdbae67f7f0c

SHA512
8d9b93c1e3fe5b426625967ec0e3741b6cea83c8ffcc3494ff73d3232d82bad315b9cfbb5e0ba11bc46730f2d2e4e6b8a03cdda1aaa6e025d30939cf41dbda02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe

Filesize
468KB

MD5
7cb69642942495c2f49b43914c5e9fef

SHA1
f508cf97cd705efe3fcaef063607d300253392ad

SHA256
4e34d8545ab8a7ef5577c86e80af8e375f49bdd9cd7ec61883000971a102e9a2

SHA512
4724b4abdeb44c5e229f4423018e211296f50774743a05ca213b8cb35d98ec89f906d841591ae541defb3cacfa586312a4481e3e981084cdbd907eb58dd85ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe

Filesize
468KB

MD5
1ab17d0202d420a6ca9d065f1216d752

SHA1
f478b7485ce6182fc1d331ab09566d5a78a0e008

SHA256
0ad8dfcb7d3b7442661b238e390ce1da790f4ae481ba097d1546d1f7d7521662

SHA512
362199c8cf37f25f0c2b758cd6ca7dca127e6d1c0dffc6d90062dade6fe4bcad69c9bfbf307976f8bd3b1c1c42a44884679f7e5f0d2472f3e7d386e39a121b6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe

Filesize
468KB

MD5
170b8c6de9eff676bf54b66dcdca1809

SHA1
dbb6db016a882165c9b6a02dc18791f6fbd91180

SHA256
c196b4a18b2d83fd971d7c367649ac4af165a926143848a14e410941585314d7

SHA512
0d5a22fcd6144a36b30f68e81480d5b0df04117b8523c9a308da64259b88781772187b8477d0409a501cff0597a04e66e43d49ab1de7a9931a18afede14111e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe

Filesize
468KB

MD5
cd2e687468b14c78e40dbea151c278df

SHA1
91686262f9703775cb6775291e7ba8a51e9cc4d7

SHA256
ed118f20786ed8a27dbd4f16425ca139ab3d81424735b0289bc9e5c8f4ee29f4

SHA512
4aa338ead3af84a4f438bee9478498c90cc1d974693d63b3af27a5ab6f3d93e832345b81d97b8a0bdfb6a9f53a69eeb7e4559c3499a3f7e338af241be61718ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe

Filesize
468KB

MD5
cd4043f03d01d116aefe0f41f435c670

SHA1
fc6025a74ec1141e7e4794c72c969c4e080852ae

SHA256
ca44a53bd9e95abbe3d293dd013b9d4d9d3576164194874406e33842366d3d03

SHA512
70dd4902bc238ca41c48633ab3b761b9e04789397555349701af0faf70609f76c080df24b01bf1c175a0a29171d4ed8a0fc0ee2bf61144281aeb67db1ca0b1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe

Filesize
468KB

MD5
6ff61c69ab9a7a32e9804d605ea0bec6

SHA1
ac6e879cf85a267cae8b28ed37961f13ba5e0919

SHA256
ac585e72c8cd67d15507676aedab3a5f29f536574928fa26d12ac8461f9f66d2

SHA512
6493793744fa99e3c5cc2cd3be7ca1157bc32b31f1f09b43e4be2ab26d31fb280cbbcf1a02a9ba56b6398e8ae53d21c2ce450cb47e7b60ff4c6fba7f6c205569

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41591.exe

Filesize
468KB

MD5
83a7a3ba518b628df54f454ddac736b6

SHA1
00cd5454f02fcf8448d3388731cef0054737bdeb

SHA256
052965c48e0801e694972b9c8a662b9ccefa8761684dbb5ee68c178808d7a98d

SHA512
e2ffda590570c447f88ebe5a221f49ba690e37558820c10a69b824b2509b1487273c43c9c10e5028af95b90c4e5f8549f7827fbd983fce9bf9dcd7e376a99eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe

Filesize
468KB

MD5
67a83a3fc6bf23f5c5beafb75a0c031d

SHA1
81a016689b6b34d0859f0baeb0c0226422fe4011

SHA256
2ea924a7ef2cf4636d8c775ce834bb7ed4b2e91a12e64a7e27902d70bd1442ee

SHA512
533160dfaebd67a972853c910cdd7513e4dfe9eeba7524dd97580fef76c5186a2d776fd04179f8225939e2e84fdb201c98b637b58e97228ccbfd12400975ffee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4620.exe

Filesize
468KB

MD5
1d3c103780d1c8569e14b08bad5f1fd9

SHA1
afdc680bc1d9aedc02f0db69e1fcb4b4678b144e

SHA256
c0a07fce4e886c10baee88355e3eef91cfaacaca85df730050b1d5a5b8f45f64

SHA512
b6e9ff3a07fb5b1e4a1e6ae0f7459bb79f6fc6ceb8619cf0951f1e6a2165f5a1069e9d380e3a6fe1d4ede2af8c7f824bdb8e228906fed46c27061f79bf638a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe

Filesize
468KB

MD5
f3eadd5a737ea86d115db4867daa3252

SHA1
3141cdbce274a4844090a5fdb5a5abf2e8a115fd

SHA256
2dd7a4d673c69e96dee828037097eea62cb41d9a13912b233b1036fb880c9a89

SHA512
c3a582a6e2105024a057fc45259d36a7b832663e3dd329bf71e4fc684cb01bb50a44f43482fb8769460345644d4b36fb9ee57b9ee7d565fb4fcfc465694dc020

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe

Filesize
468KB

MD5
9fadb18086262983de19d621045c2932

SHA1
d14b43ecaed5b55176e8f511ba5faa08229b77f8

SHA256
3b5da3a9e423e524a0e31cf3d561863820c2740ffcea035759ab70e42157e4ac

SHA512
b96f662a59f69de3b80f2bc2627ed0471cad8a600c281bb7dca817c1e9eb682fa0867e527a532ec0616613427377de6156eb7242d5a3dc071f5c973e65f5f851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe

Filesize
468KB

MD5
d441a4ac68f518e2b16ff0bfae35f921

SHA1
552642ccdb70d521ad75536df34eb1d10b8c5388

SHA256
1de71e933b4a745b386601e48b15baafaaf54455c1e54b3dd3ea223723d7e3be

SHA512
cc31614141967ae8c3d101fcc9f90cceb89a886d7cb239df8652b326789b86d9ac4b6eb086e39e387c3b266dbe4f4c2f2cadbafac1fc41057e462115a960e640

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe

Filesize
468KB

MD5
f37ad65a1a2d88e445aa09d2662b6354

SHA1
56782ac321aa604bcc9fe40a7f2d19f77a352495

SHA256
e5f76ada00771be291209be0b4033b66bd37d4bc692b1f1f0462231451aca163

SHA512
c4e3fee3e434f0207c10061cfeb2cef01e21f6ebc790eb2a32db1b7d237a54980a0eef715be1962fb43e76a8fa8e9fba487a5851ac49ec65c63967608322b872

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe

Filesize
468KB

MD5
4618605235077fa5442957fa2fe3da4b

SHA1
d5f98e6062f749d86eecc97e1d900d1bb7c203c1

SHA256
6e88ef8d6d7ad71bda52247930af0b4ee1de9976380c00b8938b5ea6fda27a69

SHA512
527693f28ede79f4fa6fcceac53ce74d8d74f48d66ac77b3669e9df2390c494e209373752675de549a74b095a17b2f9615f1da7f9a846aa1f95ff631484474bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe

Filesize
468KB

MD5
f482a7d8106612b11eddb60842717f86

SHA1
04e79bcb11c99a439486ef86ec41a10199a934c2

SHA256
ce79c411e516484be56785b12c0ee908e6e8d8ec8e5144fbd6438264539c12c9

SHA512
63bcd59614bcfb056b5fff88063d0ad2dd0115f21d7250576d751a7eaec076cb274eaa060ce703da3464484b3190e33551831a369309755c814910b89e448eec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe

Filesize
468KB

MD5
a998cb66b6c24afff7fc8b7d66226f3f

SHA1
26e5525baeaee91b8ea1caf776bccb781766b404

SHA256
b58f337f44ad3f28a14ca84a47bf3556501ce3abc4a1a98b87096516e8bcf0f7

SHA512
b98c8c9c7f7ba22f60e6ad3fdb4a939bc26cd8cd65c2549343bafd05733e20010e201e486dd34d5706a67f16f97158cb7d41d8059360f6949e86397d4d0809d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe

Filesize
468KB

MD5
39ac0535747f399a83048e97d82bc7ae

SHA1
98c5cfa1388477f111652561b037abe5e2daa9dc

SHA256
d146c0e0440bb54d3e9df2affe7144e0a3ff5dc15a572ab42758c1cef5801e7c

SHA512
a88840ea274fdc40b4ba89644886b4b6991b5a0ac5155aeaee63e177818e0e2e43cfc6c4b33b506c77e333b118f7ac274a491a71bd082172eaed9983213510dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe

Filesize
468KB

MD5
6b9680800762dc5016213db6f5c109ef

SHA1
d682bd6587f73e4c8a43db5b06d9dd690f66bae3

SHA256
bebb2ce22fd1456cc17d5aeb5596f9930c1ee517483094b468f3b42bb9db4673

SHA512
d552835a1c614a9c75e4f779357972a3c632524daf6dfd6138928eabf49ff7fbe3d84d5f41bcc4831010bb06e363b5b7e31dda3a43475c7c6672a4e70d5cf058

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe

Filesize
468KB

MD5
e655734deca605c422110ce0063f299d

SHA1
54c288d55c7704464b82e347ee8b0bf0dd277db1

SHA256
7d1df80ea0029f172086b503214440a658267ab53664a4a7ec6fea0ad63e2576

SHA512
b53236928352e33a8866a2fb3636d58a5fb05706b35c468568b9cca42a5e352dc2863fe41d3ee26352cc9fdf7cfb2414dcea819c1d6fbb7a0d86887691bcb93e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60437.exe

Filesize
468KB

MD5
1abe6dd26cfd77076cf1d8bc38875bc1

SHA1
b543d464b228e146d6b714abdc9d7222a21711db

SHA256
9dc895f5edc52835a811836e61b07fddf0bb7978910a9bd32129fdd38a869579

SHA512
47ac0da400391bbb53823a2e41fdf239621ab987864d4f3042766075f9393f6c3f34a962b259a47903101c6cf6223ec5b9c39bf46024c40af2f712e35344c2ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe

Filesize
468KB

MD5
8475d36753bc567713abe567fce5effc

SHA1
952ef9eeb2d0c0701ae840835df965c3aa7b7961

SHA256
8263245a6d1ae5771ab78f678b5618d1f66abf1a6bd3510e00a327fd6a42a754

SHA512
3f79b4670f243ec02eb02939bd735287818c58ab717535549f802e2e62163f0d97ad47e8b1235b055a4a997aeed13ae772f6068be415eb4058d9f386ad9ec675

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe

Filesize
468KB

MD5
7902d9a798e271f7b6232abc3a092a0d

SHA1
d01a5d9e5bf03f0d1611b8b777788aac154e296d

SHA256
c5229a924081b5479196b76159698c1e0257c0349a10ade5e1f3ecbcc6bfdb33

SHA512
da5d0b2227c3ec9466b04c3c6c40a3969ac97c9bd57024e7238de1ee043c79f46e8e0baf335daf113b97384f2631aa81ef59c9164765d968090b00dde182aac9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads