30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fb

Analysis

max time kernel
120s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe
Size

468KB
MD5

548124d0fc2d5771d033d26ec9651ed0
SHA1

79047b569052ebfc9340e2e85f8e1d25518faffc
SHA256

30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fb
SHA512

aa4dfc7347cd3f06a29719cc27709993c96c6af06fcafe5a2d71e3fab1d9ae6f5dbce736824178f6e1bca0b36c457b9ad61bc37dc6a5160690f239ec6c834ce3
SSDEEP

3072:1G3oogvKYv5TtbYJHzgOcY8/zChaP0ptnLHeTVP9NyVL8aXK/1ly:1G4o4RTtOHkOcYuYgDNyRvXK/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4292	Unicorn-5825.exe
2552	Unicorn-53848.exe
996	Unicorn-64709.exe
4260	Unicorn-1715.exe
3252	Unicorn-16660.exe
2384	Unicorn-48970.exe
4084	Unicorn-16197.exe
680	Unicorn-17834.exe
2744	Unicorn-6136.exe
2036	Unicorn-7527.exe
3044	Unicorn-18388.exe
2028	Unicorn-50698.exe
3196	Unicorn-44568.exe
3048	Unicorn-46349.exe
3464	Unicorn-667.exe
2316	Unicorn-46339.exe
2068	Unicorn-47730.exe
1104	Unicorn-52177.exe
2960	Unicorn-8543.exe
920	Unicorn-475.exe
3972	Unicorn-27672.exe
2564	Unicorn-51622.exe
2760	Unicorn-39924.exe
968	Unicorn-59790.exe
4572	Unicorn-24793.exe
1076	Unicorn-33459.exe
3908	Unicorn-27593.exe
4396	Unicorn-40522.exe
3480	Unicorn-40522.exe
4256	Unicorn-10350.exe
4276	Unicorn-10350.exe
3508	Unicorn-28745.exe
3964	Unicorn-34876.exe
3476	Unicorn-15010.exe
772	Unicorn-15010.exe
1816	Unicorn-47128.exe
1268	Unicorn-63464.exe
1652	Unicorn-57334.exe
4064	Unicorn-22624.exe
4536	Unicorn-45737.exe
4520	Unicorn-59472.exe
800	Unicorn-38503.exe
1448	Unicorn-46936.exe
1832	Unicorn-20028.exe
3432	Unicorn-20294.exe
2396	Unicorn-39322.exe
1068	Unicorn-6095.exe
4988	Unicorn-42944.exe
4460	Unicorn-10179.exe
4236	Unicorn-22432.exe
976	Unicorn-31776.exe
4400	Unicorn-21669.exe
3160	Unicorn-10734.exe
4884	Unicorn-21808.exe
2000	Unicorn-52364.exe
2908	Unicorn-52364.exe
3648	Unicorn-15607.exe
3512	Unicorn-54865.exe
3444	Unicorn-3063.exe
1420	Unicorn-33698.exe
2500	Unicorn-33698.exe
2228	Unicorn-3163.exe
396	Unicorn-3163.exe
2348	Unicorn-3163.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
17000	7624	WerFault.exe	327
16936	17132	WerFault.exe	843
16972	13968	WerFault.exe	698

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34440.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1560	dwm.exe
Token: SeChangeNotifyPrivilege	1560	dwm.exe
Token: 33	1560	dwm.exe
Token: SeIncBasePriorityPrivilege	1560	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe
4292	Unicorn-5825.exe
2552	Unicorn-53848.exe
996	Unicorn-64709.exe
4260	Unicorn-1715.exe
2384	Unicorn-48970.exe
3252	Unicorn-16660.exe
4084	Unicorn-16197.exe
680	Unicorn-17834.exe
2744	Unicorn-6136.exe
2036	Unicorn-7527.exe
3048	Unicorn-46349.exe
2028	Unicorn-50698.exe
3196	Unicorn-44568.exe
3044	Unicorn-18388.exe
3464	Unicorn-667.exe
2316	Unicorn-46339.exe
2068	Unicorn-47730.exe
1104	Unicorn-52177.exe
2960	Unicorn-8543.exe
920	Unicorn-475.exe
3972	Unicorn-27672.exe
2564	Unicorn-51622.exe
968	Unicorn-59790.exe
2760	Unicorn-39924.exe
1076	Unicorn-33459.exe
4572	Unicorn-24793.exe
3908	Unicorn-27593.exe
4396	Unicorn-40522.exe
3480	Unicorn-40522.exe
4256	Unicorn-10350.exe
4276	Unicorn-10350.exe
3964	Unicorn-34876.exe
772	Unicorn-15010.exe
3476	Unicorn-15010.exe
3508	Unicorn-28745.exe
1816	Unicorn-47128.exe
1268	Unicorn-63464.exe
1652	Unicorn-57334.exe
4064	Unicorn-22624.exe
1448	Unicorn-46936.exe
4536	Unicorn-45737.exe
2396	Unicorn-39322.exe
4520	Unicorn-59472.exe
800	Unicorn-38503.exe
3432	Unicorn-20294.exe
1832	Unicorn-20028.exe
1068	Unicorn-6095.exe
4236	Unicorn-22432.exe
4460	Unicorn-10179.exe
976	Unicorn-31776.exe
4988	Unicorn-42944.exe
3160	Unicorn-10734.exe
4400	Unicorn-21669.exe
4884	Unicorn-21808.exe
2000	Unicorn-52364.exe
2908	Unicorn-52364.exe
3648	Unicorn-15607.exe
3512	Unicorn-54865.exe
3444	Unicorn-3063.exe
2500	Unicorn-33698.exe
1420	Unicorn-33698.exe
2228	Unicorn-3163.exe
2348	Unicorn-3163.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 4292	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	82
PID 4708 wrote to memory of 4292	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	82
PID 4708 wrote to memory of 4292	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	82
PID 4292 wrote to memory of 2552	4292	Unicorn-5825.exe	83
PID 4292 wrote to memory of 2552	4292	Unicorn-5825.exe	83
PID 4292 wrote to memory of 2552	4292	Unicorn-5825.exe	83
PID 4708 wrote to memory of 996	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	84
PID 4708 wrote to memory of 996	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	84
PID 4708 wrote to memory of 996	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	84
PID 2552 wrote to memory of 4260	2552	Unicorn-53848.exe	85
PID 2552 wrote to memory of 4260	2552	Unicorn-53848.exe	85
PID 2552 wrote to memory of 4260	2552	Unicorn-53848.exe	85
PID 4292 wrote to memory of 3252	4292	Unicorn-5825.exe	86
PID 4292 wrote to memory of 3252	4292	Unicorn-5825.exe	86
PID 4292 wrote to memory of 3252	4292	Unicorn-5825.exe	86
PID 996 wrote to memory of 2384	996	Unicorn-64709.exe	87
PID 996 wrote to memory of 2384	996	Unicorn-64709.exe	87
PID 996 wrote to memory of 2384	996	Unicorn-64709.exe	87
PID 4708 wrote to memory of 4084	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	88
PID 4708 wrote to memory of 4084	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	88
PID 4708 wrote to memory of 4084	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	88
PID 4260 wrote to memory of 680	4260	Unicorn-1715.exe	89
PID 4260 wrote to memory of 680	4260	Unicorn-1715.exe	89
PID 4260 wrote to memory of 680	4260	Unicorn-1715.exe	89
PID 2552 wrote to memory of 2744	2552	Unicorn-53848.exe	90
PID 2552 wrote to memory of 2744	2552	Unicorn-53848.exe	90
PID 2552 wrote to memory of 2744	2552	Unicorn-53848.exe	90
PID 2384 wrote to memory of 2036	2384	Unicorn-48970.exe	91
PID 2384 wrote to memory of 2036	2384	Unicorn-48970.exe	91
PID 2384 wrote to memory of 2036	2384	Unicorn-48970.exe	91
PID 996 wrote to memory of 3044	996	Unicorn-64709.exe	92
PID 996 wrote to memory of 3044	996	Unicorn-64709.exe	92
PID 996 wrote to memory of 3044	996	Unicorn-64709.exe	92
PID 3252 wrote to memory of 2028	3252	Unicorn-16660.exe	93
PID 3252 wrote to memory of 2028	3252	Unicorn-16660.exe	93
PID 3252 wrote to memory of 2028	3252	Unicorn-16660.exe	93
PID 4292 wrote to memory of 3196	4292	Unicorn-5825.exe	94
PID 4292 wrote to memory of 3196	4292	Unicorn-5825.exe	94
PID 4292 wrote to memory of 3196	4292	Unicorn-5825.exe	94
PID 4708 wrote to memory of 3048	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	95
PID 4708 wrote to memory of 3048	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	95
PID 4708 wrote to memory of 3048	4708	30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe	95
PID 680 wrote to memory of 3464	680	Unicorn-17834.exe	96
PID 680 wrote to memory of 3464	680	Unicorn-17834.exe	96
PID 680 wrote to memory of 3464	680	Unicorn-17834.exe	96
PID 4084 wrote to memory of 2316	4084	Unicorn-16197.exe	97
PID 4084 wrote to memory of 2316	4084	Unicorn-16197.exe	97
PID 4084 wrote to memory of 2316	4084	Unicorn-16197.exe	97
PID 2744 wrote to memory of 2068	2744	Unicorn-6136.exe	98
PID 2744 wrote to memory of 2068	2744	Unicorn-6136.exe	98
PID 2744 wrote to memory of 2068	2744	Unicorn-6136.exe	98
PID 4260 wrote to memory of 1104	4260	Unicorn-1715.exe	99
PID 4260 wrote to memory of 1104	4260	Unicorn-1715.exe	99
PID 4260 wrote to memory of 1104	4260	Unicorn-1715.exe	99
PID 2552 wrote to memory of 2960	2552	Unicorn-53848.exe	100
PID 2552 wrote to memory of 2960	2552	Unicorn-53848.exe	100
PID 2552 wrote to memory of 2960	2552	Unicorn-53848.exe	100
PID 2036 wrote to memory of 920	2036	Unicorn-7527.exe	101
PID 2036 wrote to memory of 920	2036	Unicorn-7527.exe	101
PID 2036 wrote to memory of 920	2036	Unicorn-7527.exe	101
PID 2384 wrote to memory of 3972	2384	Unicorn-48970.exe	102
PID 2384 wrote to memory of 3972	2384	Unicorn-48970.exe	102
PID 2384 wrote to memory of 3972	2384	Unicorn-48970.exe	102
PID 2028 wrote to memory of 2564	2028	Unicorn-50698.exe	103

C:\Users\Admin\AppData\Local\Temp\30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe
"C:\Users\Admin\AppData\Local\Temp\30ac53850515ffbdb0fe1d53e08ae8bffb9dcd1bb5db4275a36fc2faab9d46fbN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1715.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        10⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        11⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        11⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
        11⤵
        
        PID:17132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17132 -s 276
        12⤵
        Program crash
        
        PID:16936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
        11⤵
        
        PID:17784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        10⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8482.exe
        10⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        10⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        9⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36094.exe
        9⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        9⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13980.exe
        9⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43957.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        9⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
        10⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        9⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
        9⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        9⤵
        
        PID:16828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        8⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        9⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        9⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12121.exe
        8⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        8⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
        9⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        10⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        10⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        9⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        9⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        8⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        9⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        8⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14145.exe
        8⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        8⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        8⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        9⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        9⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
        8⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
        8⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
        8⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        8⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        8⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
        8⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3148.exe
        8⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        7⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        7⤵
        
        PID:17848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
        8⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
        9⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        10⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        9⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
        9⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29260.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        8⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        8⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
        7⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51264.exe
        9⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        10⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        10⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        8⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        8⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        8⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
        9⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exe
        8⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23743.exe
        8⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        8⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        8⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
        7⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        7⤵
        
        PID:17832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        8⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        9⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        8⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
        8⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        8⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        8⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        7⤵
        
        PID:16872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        6⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14367.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10672.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59505.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5027.exe
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        7⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        6⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
        6⤵
        
        PID:18176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        9⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        10⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        9⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        9⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        9⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        8⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        9⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        8⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        8⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
        8⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        9⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        9⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        8⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
        7⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        7⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        7⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
        6⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        8⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        9⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
        9⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        8⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        8⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
        7⤵
        
        PID:15800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        7⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        7⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        6⤵
        
        PID:17340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14367.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        8⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        8⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        7⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        6⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34565.exe
        6⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
        6⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        8⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22178.exe
        9⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        8⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
        7⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38336.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        6⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        7⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28404.exe
        6⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
        6⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
        5⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        6⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        5⤵
        
        PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        8⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
        9⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
        9⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        9⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        8⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        8⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        7⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        7⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        6⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
        8⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        8⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
        8⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        7⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        7⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51695.exe
        7⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        6⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54820.exe
        6⤵
        
        PID:15872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        6⤵
        Executes dropped EXE
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        9⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        8⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
        8⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
        8⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        8⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
        6⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        5⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
        7⤵
        
        PID:16436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        6⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28685.exe
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4907.exe
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        6⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        5⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        5⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
        5⤵
        
        PID:18324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        9⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53911.exe
        9⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43292.exe
        8⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        8⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        8⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        7⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        7⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58731.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26594.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        7⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        6⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        7⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        7⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62447.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
        6⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        5⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        5⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
        5⤵
        
        PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        8⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
        7⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
        6⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4881.exe
        7⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        6⤵
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
        5⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        6⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
        5⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        5⤵
        
        PID:18416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
      4⤵
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        6⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        5⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        6⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        5⤵
        
        PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
      4⤵
      PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        5⤵
        
        PID:16564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
      4⤵
      PID:9280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
      4⤵
      PID:13808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
      4⤵
      PID:10004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30050.exe
        9⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        9⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
        9⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        8⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe
        8⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24880.exe
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        8⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        8⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        7⤵
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        7⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        8⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        9⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
        7⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        6⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
        7⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        7⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45978.exe
        6⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35980.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        7⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        6⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8363.exe
        7⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
        7⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        6⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
        6⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        5⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        7⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
        7⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        6⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        6⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
        6⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
        5⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        5⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
        5⤵
        
        PID:16768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12121.exe
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        6⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        6⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        7⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        7⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        6⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        5⤵
        
        PID:16548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        5⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
        5⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
      4⤵
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50309.exe
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe
        6⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        5⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        6⤵
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        5⤵
        
        PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
      4⤵
      PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        5⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23735.exe
        5⤵
        
        PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18079.exe
      4⤵
      PID:11816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
      4⤵
      PID:16420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
      4⤵
      PID:16544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        6⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
        6⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
        6⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        6⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        5⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
        5⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        5⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        7⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        7⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6639.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        6⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        7⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        6⤵
        
        PID:16740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        6⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5977.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
        5⤵
        
        PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15699.exe
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22178.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        7⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        6⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        6⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        5⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        5⤵
        
        PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46235.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        5⤵
        
        PID:14740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe
      4⤵
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
      4⤵
      PID:17184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
      4⤵
      PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        7⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        7⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        6⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        6⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        5⤵
        
        PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
        6⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        5⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
      4⤵
      PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        5⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        5⤵
        
        PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
      4⤵
      PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
      4⤵
      PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
      4⤵
      PID:18344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
      4⤵
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        6⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        7⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
        6⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40334.exe
        5⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        6⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        5⤵
        
        PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        5⤵
        
        PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
      4⤵
      PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33179.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
      4⤵
      PID:16824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
    3⤵
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        5⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        5⤵
        
        PID:16744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
      4⤵
      PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
        5⤵
        
        PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
      4⤵
      PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
      4⤵
      PID:10920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
    3⤵
    PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
      4⤵
      PID:15572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
    3⤵
    PID:9652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
    3⤵
    PID:16876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        10⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
        10⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
        10⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        9⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
        9⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        8⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        9⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        10⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
        9⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        9⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40832.exe
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        8⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
        8⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        8⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        9⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        9⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        8⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
        8⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        7⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        7⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        6⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        6⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        6⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        6⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        9⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
        9⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        9⤵
        
        PID:18224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        8⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        8⤵
        
        PID:17208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
        8⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
        7⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        7⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        7⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
        7⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        7⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        6⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        6⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21921.exe
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        8⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        8⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50963.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        7⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        6⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        6⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
        5⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
        5⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
        5⤵
        
        PID:18212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        8⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        9⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
        9⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        9⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
        8⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
        8⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        7⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
        8⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53911.exe
        8⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        7⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        7⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        6⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        7⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        6⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
        6⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        7⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        5⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        5⤵
        
        PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        5⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64663.exe
        8⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        7⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        7⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
        6⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        7⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        6⤵
        
        PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
        5⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        6⤵
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        6⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        5⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
        5⤵
        
        PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
      4⤵
      PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
      4⤵
      PID:16336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        8⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
        8⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
        7⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45073.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        6⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42406.exe
        7⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
        8⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        8⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        7⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
        6⤵
        
        PID:16104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        6⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
        5⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        5⤵
        
        PID:212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15699.exe
      4⤵
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        7⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        6⤵
        
        PID:15800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        5⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
        6⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-313.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        5⤵
        
        PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46235.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        5⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        5⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        5⤵
        
        PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
      4⤵
      PID:12640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
      4⤵
      PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
      4⤵
      PID:18056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27593.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
        6⤵
        
        PID:13968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13968 -s 468
        7⤵
        Program crash
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19597.exe
        6⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        5⤵
        
        PID:8844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
      4⤵
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        6⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
        6⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13116.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        5⤵
        
        PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        5⤵
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
      4⤵
      PID:9700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
      4⤵
      PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
      4⤵
      PID:544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20028.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
      4⤵
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        6⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        7⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        6⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        6⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        6⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
        5⤵
        
        PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        6⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        5⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
      4⤵
      PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        5⤵
        
        PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
      4⤵
      PID:12904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
      4⤵
      PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19121.exe
    3⤵
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        5⤵
        
        PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
      4⤵
      PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        5⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        5⤵
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
      4⤵
      PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
      4⤵
      PID:14900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
    3⤵
    PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
      4⤵
      PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
      4⤵
      PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
      4⤵
      PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46346.exe
    3⤵
    PID:9628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
    3⤵
    PID:14016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
    3⤵
    PID:15912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46339.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        6⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        8⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        6⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        7⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        7⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29374.exe
        5⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        7⤵
        
        PID:16308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        6⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15995.exe
        5⤵
        
        PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        5⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        7⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        6⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        6⤵
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        5⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        5⤵
        
        PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35710.exe
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        5⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        6⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        5⤵
        
        PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
      4⤵
      PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
      4⤵
      PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
      4⤵
      PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
      4⤵
      PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
        6⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
        6⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        6⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        5⤵
        
        PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
      4⤵
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        5⤵
        
        PID:13760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44872.exe
      4⤵
      PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
      4⤵
      PID:6812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
    3⤵
    PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      4⤵
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
        5⤵
        
        PID:14788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
      4⤵
      PID:13084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
      4⤵
      PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49880.exe
      4⤵
      PID:16952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
    3⤵
    PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
      4⤵
      PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
      4⤵
      PID:7320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16836.exe
    3⤵
    PID:9892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
    3⤵
    PID:13552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
    3⤵
    PID:16932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
    3⤵
    PID:9948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
      4⤵
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        7⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
        6⤵
        
        PID:15940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        5⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
        6⤵
        
        PID:16992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        6⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        5⤵
        
        PID:15840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        5⤵
        
        PID:7624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 716
        6⤵
        Program crash
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        5⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        5⤵
        
        PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
      4⤵
      PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
      4⤵
      PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
      4⤵
      PID:16388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
      4⤵
      PID:18292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
    3⤵
    PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        5⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        5⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
        5⤵
        
        PID:17868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
      4⤵
      PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
      4⤵
      PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
      4⤵
      PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
      4⤵
      PID:16220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
    3⤵
    PID:7596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
      4⤵
      PID:1436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
    3⤵
    PID:11680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
    3⤵
    PID:16448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36346.exe
    3⤵
    PID:16708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        6⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        5⤵
        
        PID:14340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
      4⤵
      PID:2512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
    3⤵
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        5⤵
        
        PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
      4⤵
      PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
      4⤵
      PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
      4⤵
      PID:15292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
      4⤵
      PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
      4⤵
      PID:6908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61322.exe
    3⤵
    PID:10456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
    3⤵
    PID:15548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
    3⤵
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        5⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        6⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        6⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        5⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
      4⤵
      PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
      4⤵
      PID:12384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
      4⤵
      PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        5⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        5⤵
        
        PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
      4⤵
      PID:6492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30167.exe
    3⤵
    PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
      4⤵
      PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
      4⤵
      PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
    3⤵
    PID:12088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
    3⤵
    PID:16500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
    3⤵
    PID:17352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
    3⤵
    PID:11444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
  2⤵
  PID:64
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
    3⤵
    PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
      4⤵
      PID:13952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
      4⤵
      PID:15448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37096.exe
    3⤵
    PID:9680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
  2⤵
  PID:6824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
    3⤵
    PID:10888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
    3⤵
    PID:16272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46122.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46122.exe
  2⤵
  PID:9672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
    3⤵
    PID:4384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
  2⤵
  PID:14008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
  2⤵
  PID:16440

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:17252
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7304 -ip 7304
  2⤵
  PID:15428
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 14732 -ip 14732
  2⤵
  PID:16584

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe

Filesize
468KB

MD5
f4e600fc17b714d5fa5590b1e554dceb

SHA1
9f264421963414ae41b6cb4e470aee8d58d3cf2b

SHA256
794c2ef1088d1d251bcc794e91c15a6eb7f92cf9cd6fa616c5436602984d971d

SHA512
62993696d3633f071a3edaa6868803244e3686dca4df6f8f1ac8dc85f2e8b0fd1914e68a2f5db21cbc9fd2fddca653ca40fa9184230b82a680ebc4fe56a4818a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe

Filesize
468KB

MD5
a36e12e439b02d91bf3fdee2f4189123

SHA1
9a030898bfdf597aa1f4d978dfd2e4aa46d1e117

SHA256
3602dec9f2c60290f7c80c72d6a590c4b086f839056c999e92665dfd583b1db5

SHA512
60956ccf89abe47d57989537a707726b6c773d7b93683f496013d4efbb1952eb0729d7c1b7002d279964caa366d5648cd9873f0016f69454e931570c88a47c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe

Filesize
468KB

MD5
82f725d80b0550bad7102f2a6ae0b8e0

SHA1
28cd27c10514c95625f61fadee41f36c5cd61f3f

SHA256
70c83c5ac9984d283be57bf0ed50c583c3a473b6b4d7cd9a730c11a5fc781900

SHA512
cf8a5720f3d1f484c67c12608b8bf66faa0ef476585e91ccbdb98159ec1763983825f520e4efd25a03d4d1c3152ea88f61ba42eab0b192bf41d1952e1d5b8d1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1715.exe

Filesize
468KB

MD5
c245ef1580d8e061ec464eadc971bb45

SHA1
b31f7113ff47a2a5d0ada34f1b4cb9a662f1b806

SHA256
40f07b651552a62d98db2e521052945082f789b48a6721e74c76c01f35f35a6c

SHA512
23ddd252963d57957a8be6a9a6a5e2f3417724bfe562ac136831dbf341924674e023ada3af83a572c394392e2f652f9737c6598dd7531d7eed57c32c72e48afe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe

Filesize
468KB

MD5
7d059d40acddc982e3ec35c982e7e261

SHA1
d4ae2be89633ed50b95c5397838c9f81ea468d6f

SHA256
93a805ee29999096dfb5f63aa3b94de5e3234047b9708de82d50ae35aa234b12

SHA512
b69ea6f25b1ccb4b958ab0043b80772b1de1577e0c2e81ac04656a4ebba012ff15bdb1c75508e6e6fe019b0814e3d97d4cbd6cd25671a33b1826654257f62d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe

Filesize
468KB

MD5
f309ef9423b33239275039eb0111055e

SHA1
cc9d7a7015b574096139acd294bfdccc03facb09

SHA256
1e51751b1742b0340056819153411b6e68bef053cbbb6d53080dcebb1f017ab3

SHA512
c392ba6262db4b690aa5ad63d26a06c2497cc78747e4deab43c892af6cc9beca1298b43f66aef9c3adcafdaadc11d16f209c8e67ccdc7bdc70d4d5f1bf31c261

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe

Filesize
468KB

MD5
22c45e454ec589f95aded6fbcfcea61d

SHA1
20c60208b25432d998c73444a9f8c4b18c6e271b

SHA256
70274add2fcb13620433ca7f4a8a0c29591c2369e65ac9e88f42598a513d8e95

SHA512
a905a01c7a12d91b52f83ddbbb8a7daf8a637de645c66bb6b47d43e3d79949e0687299a86fdecea629054148118a890133b7d6cd61d26db8c7809a3144703496

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27593.exe

Filesize
468KB

MD5
5494018d97468e840b4498a2ae90c27a

SHA1
ff4dc688a552702960762da52ad1c38846049d57

SHA256
576234206748462ead499dcb97e1413fd2d5510f13242b2307cb124ee5b612b5

SHA512
f47bec7b2cec31fb1919821f542b92504e18b8cb7bfdfb5fdae64dacb5ab7b95124f9ab763955afbdb0fd96cd88ba4094cf6e46cf421d7fe9f508f310d61ba57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe

Filesize
468KB

MD5
78d678d26462ca6632fddd399071950c

SHA1
f900b7cf54b0e52882f5d253bab80f0e5bceb62c

SHA256
0b728ccfe59e0ad5f2eb41852d0803088a36d42a6700abd825d031657221f610

SHA512
9ead06437515cb5023c108762698ef557aecb6de683463961d272aaf31f24bc1bbb2e8a9970dfac804378c805b6db5b74167baee7e1254fdacfb23fb8dddc8a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe

Filesize
468KB

MD5
775f040799a70918c236bd534247d9b5

SHA1
1587a82969d40e58d1fcfa32ca56dfd64d99e056

SHA256
0e63c4a54a801dfbdd81c07f4b208ffb692fbefc77227eafdc7612756e491ad4

SHA512
1859ad4702126a3957a973a118b0f46601e93bb615360c2bc21e4bc7a75f9de8ed4aa732ceb0ebb7a699467741320e831f99de69504a5881e9a1bab669ca4091

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe

Filesize
468KB

MD5
613f7b5cd82e045cb73c6364f9d44f92

SHA1
b496f7d1248eefb2bde21905387bdcae754e8cbb

SHA256
d7ebe66884b56550641774d2df042bf0c468621110157176745ffc7baf7491f4

SHA512
bae0e02731486cc1dddff5041ddb7b11dbace2aee3736cb58b3d8ad56e5794095f23376cbb5a25ac15c5b1e30e16c794f9b73f0410a0992a527f27f56d959344

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe

Filesize
468KB

MD5
5bf6774d9de30eb6e7e10dfc6282bccb

SHA1
f1604c309b2a3145ad2ded172d991af479084051

SHA256
a6b4290f29b451cf305258e7a6b49b449233697d5bd023a8e0109a81fc553c9c

SHA512
943914dfe1a41e54f7e3959a6438f95a03f10491a4193ed9de2647b32ec4215213253c4eda259c930de30f49f57398a2a0822a21b3f4ad46eb0cf79de30fef20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe

Filesize
468KB

MD5
9ac09da477480f6d0a4b188f09543131

SHA1
b0b106152ff3b579488631a9b96184a0a3202eb1

SHA256
d68eb3e6bb0127fa3988428295cc93c798b616c8c904b1dc807c8534933283e0

SHA512
529b2d655fe78b977971de940136d3a79b3ea1cc8c15c667e2a35bb29706967f09ceccdcb9f1f48be2503622173dded87d4ef08429e3d305b3a0597e44aba560

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe

Filesize
468KB

MD5
4b9f31f0679ef3075c7f6cbade7e4c53

SHA1
1f9552a7d254aee14cd19c481783ecdf4cae4d4b

SHA256
a668d201ef4661b969a415d1b6f410c7481632bf11dc4e0e7eb55ffcea0f47cd

SHA512
e670ab89cf2642b6cf35e5e99b014f3c64d1fb2cbbd822c6bae917ffed96cb67d2c6f7715453f2f69095a220b83f8a119d1c40625c94d32a325a0b4785c3e5cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe

Filesize
468KB

MD5
87bde8b32416e0f81a44b86978a2783f

SHA1
9bcffc31bb8e8dbf850eef67117739fda6daba5e

SHA256
75fb659b31591349e24f07596bcd9d91496fd1be246e8aceb33a0798d94c2d62

SHA512
46b7d36f84205f3fa29b8ec13c88e54714c7b0eda8f11f2970064e33b88d851f18fc9682d5c8b95074623e984c5396726cbbdcebf7d0287cc2afb7e072e8b23e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe

Filesize
468KB

MD5
7e7b069844abff20fb12a6d8a15844bc

SHA1
6af775757d5158b365c2990b9afb9d2a4e3b8ac8

SHA256
8c144eab6dee3cdab3512a919f7ec44a57cfd7b0ada1a5ce44d2ba3ed5e2a5b0

SHA512
8c775655b584ec4d5ac9bc3f3f11ffba5ea71d7c1762108790f50bd75b1e2eebb4844cd8dae7d941d08c74cd0708ad11b46faae2421d5cf554a71af5a3b2de7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46339.exe

Filesize
468KB

MD5
46ccd967a54e725ac83e944071b86372

SHA1
cfaabffdc5aa90b805890d5ab275bd03f8ad99b0

SHA256
3a9ecc720eae1f5c7d6330bc43eeed055595ebd30cdf25844dbc0e674451f6d6

SHA512
5800f82978d6ea585e0150561afce1de836d02dacb3b21fb9ebdacd064494f29a95fae2f45ec360aa90ab0991470f10c4eade3f9fd1472879968e5fd0a24f581

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe

Filesize
468KB

MD5
b482d9cbd22040963df3b1a1e859c046

SHA1
278071a5c60da57d2166df3189cb1a02b5ec2c3e

SHA256
952423b158df349fc6182c3b3c317b1c4c92f224cf7bf75ae8e46ac022a3fa26

SHA512
e35b8741539ac437f9b560efc60e4c4cbf3a164eb471e32eb9e76a586fff1faddb958f1d5e517cfc19cc074e4e629f395c3d52ad9821ed38cc802ab577496cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe

Filesize
468KB

MD5
f723e1971875bd924e08cad30bf44a63

SHA1
9562cbf1fd416a91f9e8d5072ce2f81096a27f3c

SHA256
df82016ea56a558b4f410fa3b625f8ac84585fb4781fe60e7ebef041a6ea4a61

SHA512
b3c07756c87a763125d8200d4392f2cc48e0012ab3de7f2e16149a124d8a03c57d640c0a4e2c982561e97aacf6da24a41cc12455d344ab4e3e737923cd1de60a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe

Filesize
468KB

MD5
2c5b9e1aeac6768eb1df02413571fe5f

SHA1
38342eaea57ae9562fe08e0464084803c0a78c44

SHA256
336bc6da5985fdfda0051dc4d3572b907b77347df3fa2e46d6d5d2c1210ae8c1

SHA512
2fe054ea793f7f6ee8f7859bcfe4c8be6bc90623d0914eefd41dc445bb4698b9058ebabcf81823d6fd290679fe7a1a1ef500d1498303829d54d8ed1629879851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe

Filesize
468KB

MD5
5647c79405a3bc75f347124d03914625

SHA1
9a93fe4ca93a977f480cfc4a9078fb0d39684369

SHA256
43c8742d5fb73d6103d3ca1abba561e7d5eda6d44382d10bd9e24d972797e883

SHA512
ac28bc09b51461be328babe2f71308853e3a2343ae59c679052f6167b5b51eb2040d6d3cd9510936ad1bafb521e3dcacd81b086059e524d9e19aae1c11a488b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe

Filesize
468KB

MD5
cc84bf2080d5a0b75b7912ccc8b7b8ee

SHA1
0fcb67a79a7124f653c570898dd45d5417c6dd65

SHA256
93b2e88256681edecb025ffe9c96f95b95ea2b111598f98925e849b23c170f75

SHA512
dc6c50bdf82b7531a83c85cb2b273ca65e74c0c0a91af42703f6322e13b79015a04aa28588078e560d55d95c4bfc8e57c19d536252a8aee756e5b14ef0d50c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe

Filesize
468KB

MD5
6eec46d560b5f390f1f91554641166dd

SHA1
8b72cd185bd4e8eed04eea9f785b8cbdebf3e01e

SHA256
f2020ea91d57d79db09ea3240816e2c758d23a921ae700ab26953928234b4f65

SHA512
9e436c71aceb0f7c79c6389f658d0dcb65a06c3920cf0e17704008086196d43694951151ae188ba67af99d5c016aa487dcc596d78b85dd6e79a0a07518cdb0b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe

Filesize
468KB

MD5
6107d3405a497cb53fd7b373308517f5

SHA1
d64dde727a29fb86d79391748351514621145cff

SHA256
412fb7b661625af77e0e279b547cc4abd873d4ba8471e6997fe1411b5c2a6b67

SHA512
7858789fe7a56709bfd0e6a8591fad22232ec29501081b9452319ea77012b68d7cb5ef1806fa61ecceb6436a5cc527c69d1b12e616ca27baa0dc60321d3c5d55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe

Filesize
468KB

MD5
205ae573d0b9e69651a8d23785a097c8

SHA1
57d0a073492b4765e28bec75c860f58d27de0ede

SHA256
dda80e3196f215f6ec271e39ad472fa9e336425500371523ec267dfe093fb4b5

SHA512
414213410a20f2630aba1dbea688ca7a8eb4cbe2baff2491e8cd6901b53d4f2a2e0538b84950158968e4a6a77200bb69bea2a8897e2761095d4501ca040055c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe

Filesize
468KB

MD5
d9c545f024873ef186a020bbb74eb21c

SHA1
bfa6e369bba0cc761975f84cd2135dfd41547799

SHA256
73e4303532d30901e01e3baa8f34a9b156056d23bac1f9f53739ff1a707906e0

SHA512
c9baafef32ca8579b894f2678bb0a3b25ec46d983294210a784de301b6128a9decbcdec0c9a510d472ff9abbb20122d96b8d35a853ec6d0288914c7890074b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe

Filesize
468KB

MD5
a8f99af1131b40473e9d5f7412216c45

SHA1
822edd09767f908f31f8283918cd63a03b1bacb0

SHA256
bf25a3a6449330696079438c4eedae88d78aa83ad0a4bb48c51e664935e6a8b3

SHA512
1ad5166d2723336ace2aae27a576470059789523e550da515fae9c7b5ae9870319d7804e315027759fe716111900483570838d65991ac5c8f749aee6c790347b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe

Filesize
468KB

MD5
c9517726abc7b93e9bcd23573dc99698

SHA1
67e1053ac3bb0c1e5b502b0ec486fe890b27b97f

SHA256
d33388a7c9fce2ca67186b30e1be600b86212804e94718ff59f31464a38dc699

SHA512
ebc280cea52090b0714cf4b9c2fa294664504bf55dc510853ebbc7507eff2673f99af2b5aa30cfea70c104b7e43cec34ac9b0c8cdb7d7dc4040b6cf7c7cdd5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe

Filesize
468KB

MD5
6fed3b54556bd41da941e9cf3c455cb7

SHA1
737e3f0b69ed13fae5ceb129ca658fa89a4cc5ca

SHA256
1cab5b3b9c790b8a357ca11c14b8362f003712d1779eecb43b58152c32afe243

SHA512
863538e0a47b72367f4e047f906d619f27ca0cead2083b43de060c75021b142ca623a2007659a86f124b3b4f7fb467dfa4cb5d82f1fa7a34e307c56244693c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe

Filesize
468KB

MD5
b472832ea9c0b72e8e1e85628f172d0b

SHA1
a0c4d6cc4c4463c9d7293f5f6c6a5ac66c2c12a8

SHA256
2518abb5fbdba58bfd2bf80b78007b9c6180eaaf36fb99c794026664d1017d38

SHA512
992cc0f4b10eb40643870615f9b56c138003f5bcfa517ea4e8a08f4f7043987550c07e2120a37902b76b3ce869b4e772252be10287c8383962329e9fde44d061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe

Filesize
468KB

MD5
6faf685b65a2cf969c41e589f59e83b6

SHA1
dd78d430bc7397c5ee8db1ab4eb113ee63613995

SHA256
b5a5c2a8a45b84d377aad4d5e3e946fc357f7015d919645bce3a8b38d91dff97

SHA512
c7e210837c03f03ca74e17ca0b65c0568237e29a407b76b7a07b3a6176d15811ef88673c95c61c6f37ead0c8899ad782f7b72caa69c4a5e34686737983695e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe

Filesize
468KB

MD5
1cebb32b280d70b3625db2d06904fc95

SHA1
61c61216623c290d66fd1f6bc696b5086b294d22

SHA256
5903970a9ba2f71db1ee8756e083785e188a21a7af541ceaad0d032c9a3d0121

SHA512
92d25c662804794ed42952aa5b69321f42474d1002f09c3f29647b2455bbd64ea3cdb0f0244d1f54585556d17b4ac41d0d05b25b9d493fed009a65a182981114

Download Submit
memory/14636-2639-0x0000000074EA0000-0x0000000074F14000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads