8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503

Analysis

max time kernel
118s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe
Size

468KB
MD5

e41203eec89d744bff96c227b5ea4ca0
SHA1

56aa8866f2e0637619143a50c1935f53c4fb078f
SHA256

8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503
SHA512

275f4412181ddc86480b27715889e8462361ace883d9eca38e2ad4127650a02954b91a9ef3c9a04c97c772e89bf4a26d6db9a4e2c6c7ae8e409ca7cfb088e15f
SSDEEP

3072:FbedovI76q5yubYsPYmhff8g/EbCP3p0PmHexVosTJI7md4cqSlU:Fb0oVuyuHPrhffFZeNTJ6O4cq

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4172	Unicorn-60630.exe
344	Unicorn-55918.exe
4820	Unicorn-60749.exe
3628	Unicorn-24118.exe
3456	Unicorn-20588.exe
1724	Unicorn-40454.exe
1168	Unicorn-50852.exe
64	Unicorn-26622.exe
4720	Unicorn-31068.exe
5032	Unicorn-9901.exe
3608	Unicorn-18262.exe
5020	Unicorn-18262.exe
5044	Unicorn-6564.exe
2672	Unicorn-42501.exe
1968	Unicorn-36636.exe
4120	Unicorn-60166.exe
4624	Unicorn-63845.exe
388	Unicorn-42870.exe
1464	Unicorn-39340.exe
2084	Unicorn-34702.exe
3528	Unicorn-63356.exe
5008	Unicorn-28646.exe
1952	Unicorn-20478.exe
692	Unicorn-41260.exe
3584	Unicorn-61126.exe
4628	Unicorn-11852.exe
944	Unicorn-12117.exe
1692	Unicorn-16756.exe
1532	Unicorn-30491.exe
3828	Unicorn-11355.exe
4536	Unicorn-52294.exe
1268	Unicorn-57125.exe
1068	Unicorn-12531.exe
4876	Unicorn-33580.exe
4516	Unicorn-45854.exe
4224	Unicorn-50685.exe
1348	Unicorn-29326.exe
2236	Unicorn-38956.exe
4696	Unicorn-20390.exe
784	Unicorn-35308.exe
1256	Unicorn-22502.exe
5028	Unicorn-46814.exe
2212	Unicorn-59813.exe
1616	Unicorn-38957.exe
1220	Unicorn-39222.exe
3188	Unicorn-55558.exe
5096	Unicorn-14717.exe
4644	Unicorn-22886.exe
4444	Unicorn-32899.exe
5080	Unicorn-27332.exe
3068	Unicorn-18204.exe
980	Unicorn-12604.exe
1284	Unicorn-54406.exe
1564	Unicorn-54406.exe
4236	Unicorn-30862.exe
2332	Unicorn-13300.exe
4384	Unicorn-21734.exe
4392	Unicorn-28947.exe
4760	Unicorn-18012.exe
4728	Unicorn-48084.exe
3392	Unicorn-31438.exe
1188	Unicorn-47582.exe
448	Unicorn-3212.exe
2764	Unicorn-16947.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4844	1348	WerFault.exe	118
7472	5444	WerFault.exe	246

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25852.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5076	dwm.exe
Token: SeChangeNotifyPrivilege	5076	dwm.exe
Token: 33	5076	dwm.exe
Token: SeIncBasePriorityPrivilege	5076	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe
4172	Unicorn-60630.exe
344	Unicorn-55918.exe
4820	Unicorn-60749.exe
3628	Unicorn-24118.exe
3456	Unicorn-20588.exe
1168	Unicorn-50852.exe
1724	Unicorn-40454.exe
64	Unicorn-26622.exe
5032	Unicorn-9901.exe
4720	Unicorn-31068.exe
5044	Unicorn-6564.exe
5020	Unicorn-18262.exe
1968	Unicorn-36636.exe
3608	Unicorn-18262.exe
2672	Unicorn-42501.exe
4120	Unicorn-60166.exe
388	Unicorn-42870.exe
1464	Unicorn-39340.exe
2084	Unicorn-34702.exe
5008	Unicorn-28646.exe
1952	Unicorn-20478.exe
3528	Unicorn-63356.exe
692	Unicorn-41260.exe
1532	Unicorn-30491.exe
3828	Unicorn-11355.exe
944	Unicorn-12117.exe
4628	Unicorn-11852.exe
1692	Unicorn-16756.exe
3584	Unicorn-61126.exe
4536	Unicorn-52294.exe
1268	Unicorn-57125.exe
1068	Unicorn-12531.exe
4876	Unicorn-33580.exe
4516	Unicorn-45854.exe
4224	Unicorn-50685.exe
1348	Unicorn-29326.exe
2236	Unicorn-38956.exe
4696	Unicorn-20390.exe
784	Unicorn-35308.exe
1256	Unicorn-22502.exe
5028	Unicorn-46814.exe
5080	Unicorn-27332.exe
4444	Unicorn-32899.exe
2212	Unicorn-59813.exe
3188	Unicorn-55558.exe
1220	Unicorn-39222.exe
1616	Unicorn-38957.exe
5096	Unicorn-14717.exe
4644	Unicorn-22886.exe
2332	Unicorn-13300.exe
4236	Unicorn-30862.exe
4760	Unicorn-18012.exe
3068	Unicorn-18204.exe
4384	Unicorn-21734.exe
1564	Unicorn-54406.exe
980	Unicorn-12604.exe
1284	Unicorn-54406.exe
4392	Unicorn-28947.exe
4728	Unicorn-48084.exe
3392	Unicorn-31438.exe
1188	Unicorn-47582.exe
2764	Unicorn-16947.exe
448	Unicorn-3212.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 4172	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	82
PID 4104 wrote to memory of 4172	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	82
PID 4104 wrote to memory of 4172	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	82
PID 4172 wrote to memory of 344	4172	Unicorn-60630.exe	83
PID 4172 wrote to memory of 344	4172	Unicorn-60630.exe	83
PID 4172 wrote to memory of 344	4172	Unicorn-60630.exe	83
PID 4104 wrote to memory of 4820	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	84
PID 4104 wrote to memory of 4820	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	84
PID 4104 wrote to memory of 4820	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	84
PID 344 wrote to memory of 3628	344	Unicorn-55918.exe	85
PID 344 wrote to memory of 3628	344	Unicorn-55918.exe	85
PID 344 wrote to memory of 3628	344	Unicorn-55918.exe	85
PID 4172 wrote to memory of 3456	4172	Unicorn-60630.exe	86
PID 4172 wrote to memory of 3456	4172	Unicorn-60630.exe	86
PID 4172 wrote to memory of 3456	4172	Unicorn-60630.exe	86
PID 4820 wrote to memory of 1724	4820	Unicorn-60749.exe	87
PID 4820 wrote to memory of 1724	4820	Unicorn-60749.exe	87
PID 4820 wrote to memory of 1724	4820	Unicorn-60749.exe	87
PID 4104 wrote to memory of 1168	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	88
PID 4104 wrote to memory of 1168	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	88
PID 4104 wrote to memory of 1168	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	88
PID 3628 wrote to memory of 64	3628	Unicorn-24118.exe	89
PID 3628 wrote to memory of 64	3628	Unicorn-24118.exe	89
PID 3628 wrote to memory of 64	3628	Unicorn-24118.exe	89
PID 344 wrote to memory of 4720	344	Unicorn-55918.exe	90
PID 344 wrote to memory of 4720	344	Unicorn-55918.exe	90
PID 344 wrote to memory of 4720	344	Unicorn-55918.exe	90
PID 1724 wrote to memory of 5032	1724	Unicorn-40454.exe	91
PID 1724 wrote to memory of 5032	1724	Unicorn-40454.exe	91
PID 1724 wrote to memory of 5032	1724	Unicorn-40454.exe	91
PID 1168 wrote to memory of 3608	1168	Unicorn-50852.exe	92
PID 1168 wrote to memory of 3608	1168	Unicorn-50852.exe	92
PID 1168 wrote to memory of 3608	1168	Unicorn-50852.exe	92
PID 3456 wrote to memory of 5020	3456	Unicorn-20588.exe	93
PID 3456 wrote to memory of 5020	3456	Unicorn-20588.exe	93
PID 3456 wrote to memory of 5020	3456	Unicorn-20588.exe	93
PID 4820 wrote to memory of 5044	4820	Unicorn-60749.exe	94
PID 4820 wrote to memory of 5044	4820	Unicorn-60749.exe	94
PID 4820 wrote to memory of 5044	4820	Unicorn-60749.exe	94
PID 4104 wrote to memory of 2672	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	95
PID 4104 wrote to memory of 2672	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	95
PID 4104 wrote to memory of 2672	4104	8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe	95
PID 4172 wrote to memory of 1968	4172	Unicorn-60630.exe	96
PID 4172 wrote to memory of 1968	4172	Unicorn-60630.exe	96
PID 4172 wrote to memory of 1968	4172	Unicorn-60630.exe	96
PID 64 wrote to memory of 4120	64	Unicorn-26622.exe	97
PID 64 wrote to memory of 4120	64	Unicorn-26622.exe	97
PID 64 wrote to memory of 4120	64	Unicorn-26622.exe	97
PID 3628 wrote to memory of 4624	3628	Unicorn-24118.exe	98
PID 3628 wrote to memory of 4624	3628	Unicorn-24118.exe	98
PID 3628 wrote to memory of 4624	3628	Unicorn-24118.exe	98
PID 5032 wrote to memory of 388	5032	Unicorn-9901.exe	99
PID 5032 wrote to memory of 388	5032	Unicorn-9901.exe	99
PID 5032 wrote to memory of 388	5032	Unicorn-9901.exe	99
PID 1724 wrote to memory of 1464	1724	Unicorn-40454.exe	100
PID 1724 wrote to memory of 1464	1724	Unicorn-40454.exe	100
PID 1724 wrote to memory of 1464	1724	Unicorn-40454.exe	100
PID 5044 wrote to memory of 2084	5044	Unicorn-6564.exe	101
PID 5044 wrote to memory of 2084	5044	Unicorn-6564.exe	101
PID 5044 wrote to memory of 2084	5044	Unicorn-6564.exe	101
PID 4820 wrote to memory of 3528	4820	Unicorn-60749.exe	102
PID 4820 wrote to memory of 3528	4820	Unicorn-60749.exe	102
PID 4820 wrote to memory of 3528	4820	Unicorn-60749.exe	102
PID 5020 wrote to memory of 1952	5020	Unicorn-18262.exe	103

C:\Users\Admin\AppData\Local\Temp\8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe
"C:\Users\Admin\AppData\Local\Temp\8d5f21374418bba0bf863161120206a39431a57e703a334a05d7ee111cb95503N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe
        9⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22326.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        11⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38814.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        10⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
        10⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        10⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52149.exe
        9⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
        10⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        10⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        9⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        9⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        10⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        10⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        9⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        9⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        9⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        8⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        9⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        9⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        9⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57639.exe
        8⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        8⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
        9⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        9⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        9⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
        9⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        9⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
        9⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
        8⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62782.exe
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        9⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
        9⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        8⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        7⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        9⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
        9⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
        9⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10931.exe
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
        8⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        8⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20035.exe
        7⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        8⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        8⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        7⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
        8⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
        8⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60332.exe
        7⤵
        
        PID:16160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        8⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11805.exe
        9⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        9⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        8⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        7⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        7⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19555.exe
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        7⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
        6⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
        5⤵
        Executes dropped EXE
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        6⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33462.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        8⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        8⤵
        
        PID:16816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        8⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        7⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
        7⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13980.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        8⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        7⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        6⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
        7⤵
        
        PID:16880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        7⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24603.exe
        6⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
        8⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        8⤵
        
        PID:16804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        7⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        7⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4315.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        6⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
        7⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        7⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        6⤵
        
        PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        6⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        5⤵
        
        PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30006.exe
        6⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-597.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        8⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        8⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        7⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        7⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        7⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        7⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        6⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        6⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        5⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        8⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        7⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        7⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
        6⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12157.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        7⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        6⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
        5⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        6⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
        6⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
        5⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        5⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30862.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52886.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        8⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19761.exe
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        7⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59643.exe
        7⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        7⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        6⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        7⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12483.exe
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        6⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33019.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        5⤵
        
        PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        5⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        7⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
        7⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        6⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        6⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
        5⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        6⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        6⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        5⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48674.exe
        5⤵
        
        PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24531.exe
      4⤵
      PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        5⤵
        
        PID:9312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
      4⤵
      PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
      4⤵
      PID:14288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        7⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        9⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
        10⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        10⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        9⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
        9⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
        8⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
        8⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
        8⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        8⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
        7⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
        7⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        7⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
        6⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        7⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29371.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        7⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        6⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
        9⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
        9⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55555.exe
        7⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        7⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        7⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        6⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        6⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10803.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8141.exe
        7⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62435.exe
        7⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        6⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        6⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        6⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        6⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
        6⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
        8⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        8⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57564.exe
        7⤵
        
        PID:14648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
        7⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47437.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        7⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19351.exe
        7⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        6⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        6⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        5⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        7⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe
        6⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
        6⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6893.exe
        6⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34685.exe
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46995.exe
        5⤵
        
        PID:11124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
        7⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19351.exe
        7⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        6⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        6⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        7⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        6⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        6⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        5⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
        6⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        6⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
        5⤵
        
        PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
      4⤵
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        6⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        5⤵
        
        PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        5⤵
        
        PID:14936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
      4⤵
      PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25222.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
      4⤵
      PID:12772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
        6⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        8⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
        8⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49228.exe
        8⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        7⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47437.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        7⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        7⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        7⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36012.exe
        6⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe
        6⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        7⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        7⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        6⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56180.exe
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        6⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        5⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
        5⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        7⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
        7⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        6⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        6⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        5⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        5⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        5⤵
        
        PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50686.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
        6⤵
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        5⤵
        
        PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9964.exe
      4⤵
      PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
        5⤵
        
        PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
      4⤵
      PID:11256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
      4⤵
      PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
      4⤵
      PID:9716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        7⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        7⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        6⤵
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        6⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        6⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47437.exe
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
        6⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
        7⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        6⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
        5⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        6⤵
        
        PID:17316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        5⤵
        
        PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22326.exe
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        6⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        6⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37948.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        5⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        5⤵
        
        PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
      4⤵
      PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34685.exe
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
      4⤵
      PID:16984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62782.exe
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        5⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        5⤵
        
        PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
      4⤵
      PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        5⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        5⤵
        
        PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
      4⤵
      PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
      4⤵
      PID:5552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        5⤵
        
        PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
      4⤵
      PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
      4⤵
      PID:8512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
    3⤵
    PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
      4⤵
      PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
      4⤵
      PID:14204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
    3⤵
    PID:10316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
    3⤵
    PID:15216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
    3⤵
    PID:10996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        10⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        10⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        10⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        9⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        9⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        9⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        8⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52045.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
        8⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
        9⤵
        
        PID:16600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        8⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        8⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        7⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        8⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        9⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        9⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        9⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        8⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        8⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        8⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        8⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63260.exe
        8⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        7⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23037.exe
        7⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        6⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe
        9⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        9⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        8⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        8⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        8⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        7⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        7⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10820.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        8⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
        7⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37071.exe
        7⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
        7⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
        6⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
        5⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        8⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        7⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        7⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        7⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        7⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        7⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        6⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
        7⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
        7⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        6⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        5⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        5⤵
        
        PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 720
        6⤵
        Program crash
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
        5⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        8⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        8⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
        7⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        7⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        7⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
        6⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        7⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
        6⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        6⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
        6⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        5⤵
        
        PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
        5⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        7⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        7⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        6⤵
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
        6⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        7⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61870.exe
        7⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18534.exe
        6⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23507.exe
        5⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        6⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35069.exe
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        5⤵
        
        PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        7⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        7⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        7⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12483.exe
        6⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        5⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        6⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24802.exe
        5⤵
        
        PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
      4⤵
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        5⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        6⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        5⤵
        
        PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
      4⤵
      PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        5⤵
        
        PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe
      4⤵
      PID:11636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
        6⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        9⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        8⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
        7⤵
        
        PID:728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        6⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        7⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        7⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
        6⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6148.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        6⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe
        5⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        7⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
        7⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        6⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        7⤵
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32311.exe
        6⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        5⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
        5⤵
        
        PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63830.exe
        5⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        8⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        8⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        8⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        7⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        7⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        6⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32311.exe
        6⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
        5⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        5⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        5⤵
        
        PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
      4⤵
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        7⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        7⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
        6⤵
        
        PID:16788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        6⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33030.exe
        6⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        5⤵
        
        PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
      4⤵
      PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
        6⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        6⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        5⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
        5⤵
        
        PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
      4⤵
      PID:10312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51240.exe
      4⤵
      PID:16744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        8⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
        8⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        7⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        7⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        7⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        6⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        7⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47164.exe
        6⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        6⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
        7⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        5⤵
        
        PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
      4⤵
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        5⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        7⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        7⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        6⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        6⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5275.exe
        5⤵
        
        PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
      4⤵
      PID:5444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 720
        5⤵
        Program crash
        
        PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
      4⤵
      PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        5⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        5⤵
        
        PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
      4⤵
      PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
      4⤵
      PID:11140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
      4⤵
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        6⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
        6⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        5⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        5⤵
        
        PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7700.exe
        5⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
      4⤵
      PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
      4⤵
      PID:1008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
    3⤵
    PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
      4⤵
      PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7092.exe
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        5⤵
        
        PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        5⤵
        
        PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
      4⤵
      PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
      4⤵
      PID:7092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
    3⤵
    PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
      4⤵
      PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
      4⤵
      PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
    3⤵
    PID:11100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
    3⤵
    PID:8072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        8⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        8⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        8⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        7⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51085.exe
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        7⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        7⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2330.exe
        7⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25469.exe
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        6⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        5⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        7⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        6⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
        6⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47628.exe
        5⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24198.exe
        5⤵
        
        PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39478.exe
        7⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        6⤵
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        6⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        6⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        5⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
        5⤵
        
        PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        5⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        5⤵
        
        PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
      4⤵
      PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37388.exe
        5⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        5⤵
        
        PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
      4⤵
      PID:10912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
      4⤵
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16756.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        5⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        7⤵
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
        7⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        6⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        6⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        6⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
        5⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        6⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
      4⤵
      PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
      4⤵
      PID:10936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
      4⤵
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        6⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
        5⤵
        
        PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
        5⤵
        
        PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
      4⤵
      PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60332.exe
      4⤵
      PID:13080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
    3⤵
    PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        5⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
        5⤵
        
        PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
      4⤵
      PID:10788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
      4⤵
      PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
      4⤵
      PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22051.exe
    3⤵
    PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
    3⤵
    PID:13404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
    3⤵
    PID:4004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        6⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        8⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        7⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
        7⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        7⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58695.exe
        7⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        6⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        6⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
        6⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        5⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8141.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
        6⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
        5⤵
        
        PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
      4⤵
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53813.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        6⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        5⤵
        
        PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
      4⤵
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
      4⤵
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
      4⤵
      PID:16552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
      4⤵
      PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63446.exe
      4⤵
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        6⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
        7⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
        6⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        6⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
        5⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
        6⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
        5⤵
        
        PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
      4⤵
      PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
      4⤵
      PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
      4⤵
      PID:11832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
    3⤵
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        5⤵
        
        PID:12036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
      4⤵
      PID:15084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
    3⤵
    PID:7556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
    3⤵
    PID:12176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
      4⤵
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
        5⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
        6⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        5⤵
        
        PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
      4⤵
      PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17470.exe
        5⤵
        
        PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
      4⤵
      PID:8500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
    3⤵
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        5⤵
        
        PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
      4⤵
      PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
      4⤵
      PID:11936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63580.exe
    3⤵
    PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
      4⤵
      PID:10656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
      4⤵
      PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
    3⤵
    PID:11600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
    3⤵
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        5⤵
        
        PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
      4⤵
      PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
      4⤵
      PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
    3⤵
    PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
      4⤵
      PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
      4⤵
      PID:15012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
    3⤵
    PID:10536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
    3⤵
    PID:16724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
    3⤵
    PID:3916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
  2⤵
  PID:5136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
    3⤵
    PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
      4⤵
      PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
      4⤵
      PID:7348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
    3⤵
    PID:10840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
    3⤵
    PID:8392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
  2⤵
  PID:7656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
    3⤵
    PID:11192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
    3⤵
    PID:3152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
  2⤵
  PID:11568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
  2⤵
  PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1348 -ip 1348
1⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5444 -ip 5444
1⤵
PID:7372

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe

Filesize
468KB

MD5
1e48cab17b92bd7e4c391186f73652ee

SHA1
471ab73a4747067995831ec19a76ceea888e7852

SHA256
85d9a5444ed56dc021396f9b59be8b2304705d2f4c56febab04539b8fbe40664

SHA512
57a81ae49784e492321b48ae09df25e35deb40882a0c5f0e2add2eacf501b33f4bf1c80795c9937b7e454263fe2dee7074c5a1f2d4b0ed35d0530459063f92e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe

Filesize
468KB

MD5
bb5e5061e47a0dcf62a0819153e2c36e

SHA1
1b3fe5e060562e8916d425efe33e486f3d14d761

SHA256
87685dc5bca5295da65ad35b4af69102a999508f7d506b7817dec0d030be40b5

SHA512
53d9c41e99e491f8c9d0eeb12b01c2c2943049ff581ff1daf1ba7f2cf0660796750fdb391397b0d64af41e49d931d77947cceee912c0b080f35b94fe77288224

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe

Filesize
468KB

MD5
2c1d002c9abb677d81935dc5a9feb8f5

SHA1
f7b880e7f3d35f21e603fd4e3ccc4edaf07942a6

SHA256
8c45d9450f85cb5934bc26d8c4f41a98835a2a89009c89854cf9ecdbda470b24

SHA512
94d47979a04bd3e69dc89e5b22d852d17a97822c6f653b7020ae9ab5318b63cb54306766ac4140da19effe0e941a17796249c6d38dc4b560398cfa4ccc6b98c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16756.exe

Filesize
468KB

MD5
0c44cd7fd27119a77c5abc574ecd1144

SHA1
887afb1254eca420b87672a01d34f277ce192978

SHA256
e93467741181a661f0e933c6928a8a3eac92f043de534ba8c6e864fedbc3ca2c

SHA512
777963d51b774bdc2d8cc8e3afa7726c3eec1dc798432a05d92a20e6a43149f776788f9d3ad142136fd229fbf14c31ad2fa6246900ed0ddc852f3befb0a6c900

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe

Filesize
468KB

MD5
ce8a2cb39656cabb9eaa9721a2765bda

SHA1
a3dd7f116d2c9994e12949a231a137fca6c42c1e

SHA256
b6bdc5585489e09c1fd7bd75aecb54aa2d012e21527d08b4af930cc8ecbc5183

SHA512
79a8aa6d5d5fd0e6606a78dbf88bf797fd80e712eef69fcefb3121beb7d9958cb1d352e3e1fd9b4a28db4a3a9746bab963570556c31c689a499d18bdb2177e89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe

Filesize
468KB

MD5
55b2963c9b66e242ca745649533d9838

SHA1
c5482920d41c066ed72bfda53786c48ee87f7b4a

SHA256
243e2e6a91a436d7f218f5997e14c722c5b13a7ae7295a6b0191bf742e85536e

SHA512
ba9173b1fed7f1850c616bba0f44fb1ab220bd7ed73a699538cc10074ed33369f7b9094820e3b68906d3910eda7793b4c3ff9ca36170b15322452e59c7fc1fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe

Filesize
468KB

MD5
8107467b6b4c482597c0082f894e662e

SHA1
f7dde9cb1a7cde6d6167cec363c0748d1354cfd8

SHA256
da53eb69532b93662c14d55d40316b134e93b305ed6904886bdd4b81ec134fba

SHA512
59e965ffa28df3f3ad4e7b1fe35800d607cbb737019ba5474d905b8a42a231c8950db6d72f334a70f1ec1245307766c111fa0bfee0f96e67d4a3e43443d057d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe

Filesize
468KB

MD5
2a82b0e3819c39c3f43b58634b60bd94

SHA1
6d9c163e7dc6cfa560cce35bdc6293c3385917fa

SHA256
96dc9295f7cb739c0f860d9f3e8bbc4e5c3d86643e0fc1d9a8402da11f5cf4ac

SHA512
e760d4a0422192714d94783370ad769dd6a2efbb3a9c045f5b0badb54fc8b50d8b633bba0d89c917be04cf53a552c2156d1121e6c515a34dd37f3116e04a2ef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe

Filesize
468KB

MD5
3a5651b7da6189609ea70e9b8fd7096e

SHA1
8d23c12818a8f9884167574e10d38ff1225fe661

SHA256
916ea33cd332f12fb33822c899923ab2acff6d909f499a5d73b62a0f7065be54

SHA512
a79fe0352d3a3210eb6c922ab608c98f3e9e4c130eb27aa98a04e1ed90a72d91f2ed1d5062c4227d5f69a00b29fe2026e0cc968d2fc2bb04f0eefb511b331a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe

Filesize
468KB

MD5
a55d170b54b52c6e990f7ab33e74c3c5

SHA1
bd7fd0b5f37cf827d486908220d8c22803c3dc60

SHA256
7a9deed057c7401b2e91bba00c00b9a17409ba113647542bcfd68228641a7779

SHA512
98666f604aae170a87ab98a209bfb409ae06828f70a00f093300697bb21f80aedd77c5dd40dc592a9b89036c2f8574baf892828543acf5a834bddfbe036fb48f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe

Filesize
468KB

MD5
b90a61ea4d796f42fd1e27e03809cae0

SHA1
ac1ff10cf734907316ef300305605e9813a4e52b

SHA256
e2ed888c0a5a37273553ca7ff36dc754fd1244052db9edf8deb1e2a62b2e3416

SHA512
74a658e3052626290be0404436481a81b56d138c8c0ccb195dd1bd571f26c963dfba862db4f468a02745db9292b5e3231c9829baa76a0781ae1c353d4f97564b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe

Filesize
468KB

MD5
fac6f45676fd93ee08fe69d7e769aba9

SHA1
34f795c0e1fab4ec83263250125486582887b5d0

SHA256
087850df021a0a423fabc42eaa528fd930b7bc8a6fe33c513701f860d2a4a7b0

SHA512
ae9d356635d5f1b5a9adfa24eda9a287eee2a9a6f8054a34eb8a5a4193f6f47845bc162c5c90ca8eb91b2d4f620ddea46556f38c45f7efe96d88a8c7e76b0e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe

Filesize
468KB

MD5
2a42749a7219b25ce0d54ba60de792f0

SHA1
337e11a0c62586cffbf51e264a0a07d591dd60b3

SHA256
223adb673d4cff888ab9aa9580f60644ba4dc522be5aa16bc2c95c058cc4eb83

SHA512
fd893020ef191319d493cdf0432ef52851e48f42287395b30f977ecfb35e98e4b4d0c4faba509be0cff9cec9f19bbd916c662ad47d06f2c7640beeca3925077c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe

Filesize
468KB

MD5
cceed375dcfb37fb75e59b397a2c755f

SHA1
a47ea7b573f1bf75dbd6fc79738fae022665d433

SHA256
d0465742a53bc4c8e163b02c573ef627dae149979dd7485574251870e4b42e5a

SHA512
c4abe3a1f79476051645d6b1bf3ee847ea1c4e5a28fe6de2d756f0154278f38c4a9e37dde6a5f0ff091931f885eab88b228997449368f4d52be9f6cb3c7c6b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe

Filesize
468KB

MD5
cda4ea17b83f7e1b9d4962bec13b4060

SHA1
05446ee9e4c9c1d631c8c370fb023bc778a097f4

SHA256
2f29d9bf463b31f759c0929697d8dcd07ee6bcd25a79ac7143e8e8df6b6a090b

SHA512
08cdd9d5c5c0b97ed4d180503dcc620b3e361f043f5b0fcaa6a50f21888a88695524ab83eaac10bb29e50d2f001a3d6efaea93984ef18eea06850b0b516c653c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe

Filesize
468KB

MD5
dfbae98f6ab9f75afca0c39e1756315d

SHA1
8a3e07d20d9dcbe87b1b36c68feffaf2252ee89d

SHA256
b98ea805065c23dcf4bdb6ae49737a6dedb61d7350bc5f9175079910e0b71751

SHA512
150f5f9e8433cbbcc8005a6aea430a7fac691970eabf87bffff447d2e743b555ba805d45bf599bd563ef21d31e235fc33989a60c67e47c0efdb7984bd5031b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe

Filesize
468KB

MD5
96571b605176f8b4c6b77d7cc7b794b0

SHA1
ba70e4066c837448812c6ca8776ca607a3fe23b9

SHA256
5e1c4663e4106586ffa9376e41927f159ec209b300585fb4267b79b9c4330f71

SHA512
96ebf521dee980fdf93255e3b6c40ee49a337207dd7260417538bc7bfacf8f0711b107723b68f7c38f1d82d12900ad07381d1cfc8718ba1d1f55aed240e30439

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe

Filesize
468KB

MD5
d5a543a30a9e7eb1f674a0b86f204d01

SHA1
b017ad7130c0702c3a1c75d4c99e01793e8f46e2

SHA256
ea81fea0b23f2bb67d03b4f279ce914864838d4bd87fc52f35dd7a5c14ceb943

SHA512
9d2e916dbce1e420cc5bbd2dba15aac0dc775cdd0e3b61a1fb62ceb3724efea41dddd8fbc8a2759ed897a65cae183e2e1f7353ea7ce36e5b232f76c45d69ac47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe

Filesize
468KB

MD5
462f2b45a600d19c3f5320ff3cf53f76

SHA1
db4ac4626100b2a3a2bc1ed892b9341feaf6cdd7

SHA256
0740af18b8f63126075b7590d7b6ce5d48901088341dd4c5729fe513ecb356cb

SHA512
d85e5aa3e90a975d8e6cdf592417262defbc06031f68dcc3ef67b8caa09b087f2a4f12f84d070e5e6dcfa83c01247f9071d96c0b8267f3878ea6b1eb15b5daf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe

Filesize
468KB

MD5
3954acd7b434ae4f2bb5cc7beb0e602f

SHA1
a746898ec41e51ae3689c5fae985b47b89567e0d

SHA256
5cf049cc321f05ccd3d6c4e6aec3cbbc67271303b1fba835d42a14e4dc156c5a

SHA512
bda208ed8886b91ce3fe3df1b6d8c9159aaee22f07da01897a414e7d26f46a47afeff14ebec3412578f43b1673a21229cdfb9a820243938f1eb6fb343ff857d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe

Filesize
468KB

MD5
0e19c4863f7ca160960a24cefedd2ff2

SHA1
1235ac538a002f3a8e15cc3e8bb27b4f10756859

SHA256
fc24447dd18485e68929158b762b6923d6bad1713ef528f2831450ab2f95f4be

SHA512
1d73134ece8aa4e5af65f2fce367025eb32421a8160d2b5196a4ac33f70470e894c868ef63168ebe02d8a752e03155b47aea9d28ae81b1e265170367a9e5b312

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe

Filesize
468KB

MD5
9da8a33b4f97c83445c7e5aea3971dcd

SHA1
a3b80cf3683dc30c8a41dc294a8684fb84376b56

SHA256
76ed8b74db59f4aefaa7236baebf2559e3d953ab2943126f730c4c268a59f635

SHA512
15069592d4d363a5c4b6681f21558e5ea0691ae9db1a783c68e149d654eacb6cad1ad5a0bd06d41532b0e3222111b73e1c512ab31b1d7ca300e377a75d9274cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe

Filesize
468KB

MD5
fd2a438eb55a26e2bf56311f5061782b

SHA1
064fd93a0628fdd3e09c6cb492831aeb45c06c96

SHA256
3a64f5147dddc16d20db11f3152a39373c1f0f8fc686d36e4d07b35e4ed7186d

SHA512
a381303a4081605e182c8fe4749c0f1a41a7eaffa918e877a00b8e61c1cbd3abd5cfc84aa3996f76e29de118af4630b944f7efe03155ea067642ac0a57eac0eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe

Filesize
468KB

MD5
dc455b3fd0cb67d06d5e905f41a25ba3

SHA1
cdd301b46057e9c0a37698afcc4f20ea4e9397e0

SHA256
f89fed7961ff9666cea13ec458c3047ef60ae2bed1a5e8d504575b35220819ab

SHA512
44d86260cbc685da887ce1bc8c4ffd9e369eb3f5ea27e4dfdbafc590a86f62d752b9a28ad50a768af88c135c9e8e3778195abd46f7b21fe0f7cf98e2a8f42a41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe

Filesize
468KB

MD5
c7d8fb979757a08b6d9223a06875373a

SHA1
14babd6f656c5a2a665670e3fb12a38477559597

SHA256
90f0b7670ee5bde444d98f3edbbc7c58968cd50bb25b513e3fd26d2cb28570ab

SHA512
96374e90fc4e9b5ecf9a730dca2be1b4450322f868596a66a37c745cb49a7a1b9624c59bd632d6ea1c5521f14396ab60f2e80b0896e37f4096ba46e893d0288c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe

Filesize
468KB

MD5
5ca07e7b3669eb1f016e09f3b74cb950

SHA1
a915120c6b37fbbdd96e0d88ce18fcfc9cef9f10

SHA256
b05690db39f2e947d9c6281ed644ec92969f541574762f046bb2fb9b5cfe0222

SHA512
6242afdfbf6cee9e8822bde5ea4e773f6d5dc735e1078be312d2ee07e36912de230a36e6a2b4ab87a2fb1f6f38c1e2dee73d6afc45534260f7b15b9dff9fc114

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe

Filesize
468KB

MD5
873660d0377c75b058afaa8e8b5c6c17

SHA1
9b088e646769566da510f5b98ae1fb6c94c81d07

SHA256
8c8b8ce2c000250fd83b9900b01ead482bbc10e633fae504c0b88183f8285149

SHA512
5e8df8a7e2f1fcdc6df484cc3239ff663bafbab3fe2af5466f582dacd584dab8c57fa2222a75b19f7d2918f6050596b409d0fe750f57983240d7676a3ee3f502

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe

Filesize
468KB

MD5
7437ee712630ade07844288e85c2f8c3

SHA1
648f98fd30bdeb1dcd633821dff6833278746eff

SHA256
b48018ebdef6d48c97a6e1a4153d9f0e9f6101490c78c2ebe69df06f94d0d0af

SHA512
dd68e2c38144bce510a507d27002ce602f7c022257543f57666e8e8a00df10294ace969a79ec5251e58c96bc06d14c41f3ef8e5a35737213f8a4c04c95f0ccd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe

Filesize
468KB

MD5
1a0c029859eb7fef2c47144df28125b0

SHA1
0bc7e8b0f14a398f8fba584b5cb73965ad419d7f

SHA256
075b0c073ada640159aed5db866da28999f8630af6520ad98eae1f511f4cfa97

SHA512
0702f91a6ddaab72c56c66cd31e9e210c7a4f86091b12fa3f639228fa6ea55f4219022b514ce3986c36c8e8fdd7ad12c80f7f8ce494916bb292074b3efb52087

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe

Filesize
468KB

MD5
2655b0bef1cbd94ac538d3202d988e45

SHA1
feadce0f4e49286cf05f4f583839c085cdc947c7

SHA256
da97876e9f6680ee58928aea9c13f3b561c4f6218970c9d44b435606136364e7

SHA512
7731a604e43d32ca8362d50cda0017a3427fc63bfb51d5583034a44895a13869e20a5d05c281985a077916926d109cd2727a7e8adca4ba397d2006ea9989d9cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe

Filesize
468KB

MD5
fca095a9717fc9c245d8690606e07d5a

SHA1
662846c1021ca7e3ba08965383afe001a1036a10

SHA256
a67ac23320b49ce6623cba111c6015baaa992ef62062d31f2a8f68ee11fdfc7e

SHA512
5e31a9c87f25b1de1ddd5fbab108c7422bb7f3ce6ffa195642505c75cef244195e1e063098d2b439822dd8f10fd8707f48cccd2ef2a7876677ff1d0a7d9234f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe

Filesize
468KB

MD5
ad3a32b9facd17483901898fa37a193e

SHA1
7162e51891e08af0292eaaab7cafcff6d838799c

SHA256
458f373ec6574c3894ffabcd90b8e5e030c1a3956f7f8d4ee672a0a199c83022

SHA512
880aceec3ec07ffe1c46feb095176b55139e95338db693bb45195e2f3668c6f3f81a08b9efd2f07aa136b0a934cfe7812b445a8cc6b0cbd6cdc252c2e5733ea5

Download Submit
memory/16600-2478-0x00007FF906300000-0x00007FF906359000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads