51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0

Analysis

max time kernel
143s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe
Size

468KB
MD5

9ca1101c9ffa69659a2ad55278095b39
SHA1

53d13f4f25db36e22329dea94d31d4dd59df5425
SHA256

51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0
SHA512

4df8f0b7c115ac9747723052fab6bf390d30e85a76a230e9d87b54ed3c6dede09ea7c3c10bfab2ca192572e69b5e0bb46e80bd843b182b49a9df9693d3f4f9ec
SSDEEP

3072:/owDovIuU35/tbYJPgH5OfY/45RpnIKXLmHdnSxErVowqRXr6yls:/ooouJ/tiPu5OfVT6/rV1CXr6

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3304	Unicorn-29607.exe
3576	Unicorn-49041.exe
2852	Unicorn-8755.exe
3088	Unicorn-7082.exe
3864	Unicorn-48670.exe
3544	Unicorn-17389.exe
2640	Unicorn-7174.exe
2536	Unicorn-48774.exe
3988	Unicorn-2266.exe
1640	Unicorn-38145.exe
3740	Unicorn-58011.exe
4016	Unicorn-58011.exe
1628	Unicorn-22936.exe
2260	Unicorn-17070.exe
2408	Unicorn-39297.exe
4968	Unicorn-8400.exe
3700	Unicorn-29567.exe
1696	Unicorn-22791.exe
3856	Unicorn-61585.exe
3596	Unicorn-36989.exe
4624	Unicorn-32905.exe
2208	Unicorn-32905.exe
4384	Unicorn-10346.exe
4216	Unicorn-62869.exe
3328	Unicorn-6262.exe
2636	Unicorn-787.exe
2912	Unicorn-16303.exe
1396	Unicorn-10438.exe
4228	Unicorn-62240.exe
1672	Unicorn-43787.exe
1872	Unicorn-33572.exe
1036	Unicorn-34057.exe
1788	Unicorn-40833.exe
3056	Unicorn-44747.exe
4076	Unicorn-26380.exe
5032	Unicorn-22189.exe
2464	Unicorn-18105.exe
4208	Unicorn-8867.exe
4432	Unicorn-5660.exe
2240	Unicorn-48731.exe
1724	Unicorn-54861.exe
840	Unicorn-38333.exe
4400	Unicorn-14383.exe
1356	Unicorn-14383.exe
1228	Unicorn-11425.exe
400	Unicorn-11690.exe
512	Unicorn-53278.exe
2476	Unicorn-22551.exe
1288	Unicorn-36287.exe
924	Unicorn-2131.exe
4464	Unicorn-13066.exe
4408	Unicorn-17647.exe
4840	Unicorn-42801.exe
748	Unicorn-42801.exe
4184	Unicorn-35437.exe
5040	Unicorn-63968.exe
3632	Unicorn-18873.exe
2396	Unicorn-55307.exe
1852	Unicorn-58644.exe
2200	Unicorn-14688.exe
232	Unicorn-3989.exe
4284	Unicorn-9697.exe
3148	Unicorn-54067.exe
4304	Unicorn-64928.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
5828	5376	WerFault.exe	195
3668	5932	WerFault.exe	214
6912	5940	WerFault.exe	215
15636	4528	WerFault.exe	798

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42801.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8480	Process not Found
Token: SeChangeNotifyPrivilege	8480	Process not Found
Token: 33	8480	Process not Found
Token: SeIncBasePriorityPrivilege	8480	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe
3304	Unicorn-29607.exe
3576	Unicorn-49041.exe
2852	Unicorn-8755.exe
3088	Unicorn-7082.exe
3544	Unicorn-17389.exe
3864	Unicorn-48670.exe
2640	Unicorn-7174.exe
2536	Unicorn-48774.exe
3988	Unicorn-2266.exe
1640	Unicorn-38145.exe
1628	Unicorn-22936.exe
4016	Unicorn-58011.exe
2260	Unicorn-17070.exe
3740	Unicorn-58011.exe
2408	Unicorn-39297.exe
4968	Unicorn-8400.exe
3700	Unicorn-29567.exe
1696	Unicorn-22791.exe
3856	Unicorn-61585.exe
4624	Unicorn-32905.exe
4216	Unicorn-62869.exe
3596	Unicorn-36989.exe
2912	Unicorn-16303.exe
4384	Unicorn-10346.exe
4228	Unicorn-62240.exe
2208	Unicorn-32905.exe
1396	Unicorn-10438.exe
3328	Unicorn-6262.exe
2636	Unicorn-787.exe
1672	Unicorn-43787.exe
1872	Unicorn-33572.exe
1036	Unicorn-34057.exe
1788	Unicorn-40833.exe
3056	Unicorn-44747.exe
4076	Unicorn-26380.exe
2464	Unicorn-18105.exe
4208	Unicorn-8867.exe
5032	Unicorn-22189.exe
4432	Unicorn-5660.exe
2240	Unicorn-48731.exe
1724	Unicorn-54861.exe
1356	Unicorn-14383.exe
840	Unicorn-38333.exe
4400	Unicorn-14383.exe
400	Unicorn-11690.exe
1228	Unicorn-11425.exe
1288	Unicorn-36287.exe
924	Unicorn-2131.exe
2476	Unicorn-22551.exe
4464	Unicorn-13066.exe
4408	Unicorn-17647.exe
512	Unicorn-53278.exe
5040	Unicorn-63968.exe
748	Unicorn-42801.exe
4184	Unicorn-35437.exe
4840	Unicorn-42801.exe
3632	Unicorn-18873.exe
2200	Unicorn-14688.exe
2396	Unicorn-55307.exe
1852	Unicorn-58644.exe
232	Unicorn-3989.exe
4284	Unicorn-9697.exe
4304	Unicorn-64928.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 3304	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	82
PID 4420 wrote to memory of 3304	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	82
PID 4420 wrote to memory of 3304	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	82
PID 3304 wrote to memory of 3576	3304	Unicorn-29607.exe	83
PID 3304 wrote to memory of 3576	3304	Unicorn-29607.exe	83
PID 3304 wrote to memory of 3576	3304	Unicorn-29607.exe	83
PID 4420 wrote to memory of 2852	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	84
PID 4420 wrote to memory of 2852	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	84
PID 4420 wrote to memory of 2852	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	84
PID 3576 wrote to memory of 3088	3576	Unicorn-49041.exe	85
PID 3576 wrote to memory of 3088	3576	Unicorn-49041.exe	85
PID 3576 wrote to memory of 3088	3576	Unicorn-49041.exe	85
PID 3304 wrote to memory of 3864	3304	Unicorn-29607.exe	86
PID 3304 wrote to memory of 3864	3304	Unicorn-29607.exe	86
PID 3304 wrote to memory of 3864	3304	Unicorn-29607.exe	86
PID 2852 wrote to memory of 3544	2852	Unicorn-8755.exe	87
PID 2852 wrote to memory of 3544	2852	Unicorn-8755.exe	87
PID 2852 wrote to memory of 3544	2852	Unicorn-8755.exe	87
PID 4420 wrote to memory of 2640	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	88
PID 4420 wrote to memory of 2640	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	88
PID 4420 wrote to memory of 2640	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	88
PID 3088 wrote to memory of 2536	3088	Unicorn-7082.exe	93
PID 3088 wrote to memory of 2536	3088	Unicorn-7082.exe	93
PID 3088 wrote to memory of 2536	3088	Unicorn-7082.exe	93
PID 3576 wrote to memory of 3988	3576	Unicorn-49041.exe	94
PID 3576 wrote to memory of 3988	3576	Unicorn-49041.exe	94
PID 3576 wrote to memory of 3988	3576	Unicorn-49041.exe	94
PID 2852 wrote to memory of 1640	2852	Unicorn-8755.exe	95
PID 2852 wrote to memory of 1640	2852	Unicorn-8755.exe	95
PID 2852 wrote to memory of 1640	2852	Unicorn-8755.exe	95
PID 2640 wrote to memory of 3740	2640	Unicorn-7174.exe	96
PID 2640 wrote to memory of 3740	2640	Unicorn-7174.exe	96
PID 2640 wrote to memory of 3740	2640	Unicorn-7174.exe	96
PID 3864 wrote to memory of 4016	3864	Unicorn-48670.exe	97
PID 3864 wrote to memory of 4016	3864	Unicorn-48670.exe	97
PID 3864 wrote to memory of 4016	3864	Unicorn-48670.exe	97
PID 4420 wrote to memory of 1628	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	98
PID 4420 wrote to memory of 1628	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	98
PID 4420 wrote to memory of 1628	4420	51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe	98
PID 3304 wrote to memory of 2260	3304	Unicorn-29607.exe	99
PID 3304 wrote to memory of 2260	3304	Unicorn-29607.exe	99
PID 3304 wrote to memory of 2260	3304	Unicorn-29607.exe	99
PID 3544 wrote to memory of 2408	3544	Unicorn-17389.exe	101
PID 3544 wrote to memory of 2408	3544	Unicorn-17389.exe	101
PID 3544 wrote to memory of 2408	3544	Unicorn-17389.exe	101
PID 2536 wrote to memory of 4968	2536	Unicorn-48774.exe	102
PID 2536 wrote to memory of 4968	2536	Unicorn-48774.exe	102
PID 2536 wrote to memory of 4968	2536	Unicorn-48774.exe	102
PID 3088 wrote to memory of 3700	3088	Unicorn-7082.exe	103
PID 3088 wrote to memory of 3700	3088	Unicorn-7082.exe	103
PID 3088 wrote to memory of 3700	3088	Unicorn-7082.exe	103
PID 3988 wrote to memory of 1696	3988	Unicorn-2266.exe	104
PID 3988 wrote to memory of 1696	3988	Unicorn-2266.exe	104
PID 3988 wrote to memory of 1696	3988	Unicorn-2266.exe	104
PID 3576 wrote to memory of 3856	3576	Unicorn-49041.exe	105
PID 3576 wrote to memory of 3856	3576	Unicorn-49041.exe	105
PID 3576 wrote to memory of 3856	3576	Unicorn-49041.exe	105
PID 1628 wrote to memory of 3596	1628	Unicorn-22936.exe	106
PID 1628 wrote to memory of 3596	1628	Unicorn-22936.exe	106
PID 1628 wrote to memory of 3596	1628	Unicorn-22936.exe	106
PID 4016 wrote to memory of 4624	4016	Unicorn-58011.exe	107
PID 4016 wrote to memory of 4624	4016	Unicorn-58011.exe	107
PID 4016 wrote to memory of 4624	4016	Unicorn-58011.exe	107
PID 2260 wrote to memory of 2208	2260	Unicorn-17070.exe	108

C:\Users\Admin\AppData\Local\Temp\51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe
"C:\Users\Admin\AppData\Local\Temp\51cc7a6dfaa29f5b1f50f7b5101f56ffb1cbd1c65ea76b5e7bc6b5b818c8a2d0.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
        10⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        11⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        11⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        10⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe
        10⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        10⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        10⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        9⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
        9⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        9⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        9⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        9⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
        9⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        9⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21363.exe
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        9⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        9⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
        8⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        8⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        10⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29827.exe
        10⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        10⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-166.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
        10⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
        9⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
        9⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        9⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        9⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
        9⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        8⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32874.exe
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        8⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        8⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        9⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        9⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        8⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        8⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        8⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        7⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
        7⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        7⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        9⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
        9⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        8⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        8⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        8⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        8⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9843.exe
        9⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        9⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        9⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        8⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        8⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-400.exe
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        8⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58094.exe
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34410.exe
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        7⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        8⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
        8⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
        8⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        8⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        7⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        7⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        7⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        7⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        7⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50159.exe
        7⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        6⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
        6⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        6⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3770.exe
        8⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        8⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
        7⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        7⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
        7⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        7⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
        6⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        6⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        6⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        6⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        8⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        9⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        9⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        9⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
        8⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        8⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55048.exe
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
        7⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe
        7⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        6⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        6⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        5⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
        7⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        7⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
        7⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        6⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        6⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        6⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        5⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22791.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        7⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
        9⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        9⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        9⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        8⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        8⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
        8⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-351.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        8⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        8⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        8⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        7⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38546.exe
        7⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        8⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        8⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
        8⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        7⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
        7⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        7⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        7⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        6⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        8⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        8⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        7⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        7⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        6⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        5⤵
        
        PID:5376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 248
        6⤵
        Program crash
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        5⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        5⤵
        
        PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11436.exe
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        8⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        7⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        7⤵
        
        PID:132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        6⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52381.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        7⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        5⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        7⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7678.exe
        7⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
        7⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        5⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11425.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        5⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55225.exe
        7⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        7⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        6⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        5⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9216.exe
        5⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        5⤵
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        6⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        5⤵
        
        PID:17220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
      4⤵
      PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        5⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        5⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        5⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39736.exe
        5⤵
        
        PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
      4⤵
      PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
      4⤵
      PID:14408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
      4⤵
      PID:16608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        7⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 488
        8⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        8⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        8⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        8⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        7⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        7⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe
        7⤵
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4992.exe
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26358.exe
        6⤵
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        6⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        8⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        8⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        8⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        7⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        7⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        7⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21490.exe
        6⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-886.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
        7⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        6⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        5⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        5⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        5⤵
        
        PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62240.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        8⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        8⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13002.exe
        8⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57954.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
        7⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        7⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        8⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        8⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
        8⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        7⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        7⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        6⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
        6⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3260.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46982.exe
        6⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        5⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        8⤵
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        7⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        7⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47648.exe
        6⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        6⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        6⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        6⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        5⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2925.exe
        5⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
        5⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
      4⤵
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        6⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
        5⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
        5⤵
        
        PID:17304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        6⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3962.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56200.exe
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
      4⤵
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
      4⤵
      PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        7⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
        6⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
        6⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12872.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-445.exe
        7⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        7⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        7⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        6⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        5⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        5⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        5⤵
        
        PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
      4⤵
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        6⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        5⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
        5⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-351.exe
        5⤵
        
        PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        5⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        6⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        6⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        5⤵
        
        PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
      4⤵
      PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43687.exe
      4⤵
      PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
      4⤵
      PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
      4⤵
      PID:3964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        5⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        6⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        7⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47090.exe
        7⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        5⤵
        
        PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
      4⤵
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9329.exe
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
        5⤵
        
        PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55332.exe
      4⤵
      PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        5⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        5⤵
        
        PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
      4⤵
      PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
      4⤵
      PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
      4⤵
      PID:3520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        5⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        6⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        6⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        5⤵
        
        PID:13928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
      4⤵
      PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
      4⤵
      PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
      4⤵
      PID:15816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57922.exe
    3⤵
    PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
        5⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22257.exe
        5⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
        5⤵
        
        PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe
      4⤵
      PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
      4⤵
      PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
      4⤵
      PID:17224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
    3⤵
    PID:7868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
    3⤵
    PID:10584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
    3⤵
    PID:14628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
    3⤵
    PID:2132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37259.exe
        8⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe
        9⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        9⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
        9⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        9⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        9⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        9⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        8⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        8⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        8⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        8⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
        8⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
        8⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9160.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        7⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        8⤵
        
        PID:15828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
        8⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        7⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6707.exe
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        7⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        7⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        6⤵
        
        PID:10600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28484.exe
        6⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        6⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        7⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        7⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        7⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        6⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        6⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        6⤵
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3192.exe
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        5⤵
        
        PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        8⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        8⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        7⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        7⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
        6⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10813.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        7⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        7⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        7⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29863.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        6⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        6⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        6⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        5⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        5⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
        5⤵
        
        PID:16420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
        5⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        5⤵
        
        PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
      4⤵
      PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
      4⤵
      PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
      4⤵
      PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
      4⤵
      PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        6⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7622.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        9⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
        9⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        9⤵
        
        PID:16560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        9⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        8⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34081.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        8⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        7⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13050.exe
        7⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        7⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        7⤵
        
        PID:16668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
        7⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        6⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
        6⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
        6⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        7⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        7⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        6⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        6⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
        5⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5229.exe
        5⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
        5⤵
        
        PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        5⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65131.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        7⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
        7⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        7⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        6⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
        6⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        5⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8427.exe
        6⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
        5⤵
        
        PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        6⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        7⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        7⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18735.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        6⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        5⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        5⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
      4⤵
      PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        5⤵
        
        PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        5⤵
        
        PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
      4⤵
      PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
      4⤵
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
      4⤵
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        7⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        7⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
        6⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
        5⤵
        
        PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
      4⤵
      PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60223.exe
      4⤵
      PID:12560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
      4⤵
      PID:4528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 492
        5⤵
        Program crash
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
      4⤵
      PID:16832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17647.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
      4⤵
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        6⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        5⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        5⤵
        
        PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
      4⤵
      PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        5⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
      4⤵
      PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
      4⤵
      PID:15800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
    3⤵
    PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
      4⤵
      PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        5⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
        5⤵
        
        PID:17388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
      4⤵
      PID:9328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
      4⤵
      PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
      4⤵
      PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15761.exe
      4⤵
      PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
    3⤵
    PID:7456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
    3⤵
    PID:10560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
    3⤵
    PID:14608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
    3⤵
    PID:16636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        6⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        7⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        7⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        7⤵
        
        PID:16736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe
        6⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47535.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24269.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        5⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        5⤵
        
        PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        5⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        7⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        7⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
        7⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        6⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
        6⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        6⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        6⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
        5⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        6⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        6⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
        6⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39736.exe
        6⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        5⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26358.exe
        5⤵
        
        PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
      4⤵
      PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        6⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        5⤵
        
        PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42548.exe
      4⤵
      PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
      4⤵
      PID:14576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28878.exe
        5⤵
        
        PID:11512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
      4⤵
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21492.exe
        6⤵
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        5⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        5⤵
        
        PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
      4⤵
      PID:7372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
      4⤵
      PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
      4⤵
      PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42794.exe
      4⤵
      PID:5616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
      4⤵
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58857.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        6⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        5⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4111.exe
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        5⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        6⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        5⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
        5⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
      4⤵
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
      4⤵
      PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
      4⤵
      PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
      4⤵
      PID:16920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
    3⤵
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12754.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        5⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
      4⤵
      PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
      4⤵
      PID:13884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
      4⤵
      PID:17216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
    3⤵
    PID:7528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
    3⤵
    PID:10636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
    3⤵
    PID:15516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        6⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
        7⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        7⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51563.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        5⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        5⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        5⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        5⤵
        
        PID:8012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64622.exe
      4⤵
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38411.exe
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5951.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        6⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        5⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
      4⤵
      PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
      4⤵
      PID:14348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28267.exe
      4⤵
      PID:536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
        5⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        6⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        6⤵
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        5⤵
        
        PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        5⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        5⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
      4⤵
      PID:13784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
      4⤵
      PID:1560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        5⤵
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57460.exe
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28126.exe
        5⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
      4⤵
      PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12572.exe
    3⤵
    PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56180.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
    3⤵
    PID:10544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
    3⤵
    PID:15624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3989.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62993.exe
        7⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
        7⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        7⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        6⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        5⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        5⤵
        
        PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27913.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        6⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        5⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        5⤵
        
        PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
      4⤵
      PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        5⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        5⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        5⤵
        
        PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
      4⤵
      PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
      4⤵
      PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
      4⤵
      PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
      4⤵
      PID:16980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9697.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3372.exe
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        5⤵
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        5⤵
        
        PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
      4⤵
      PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
      4⤵
      PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
      4⤵
      PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
      4⤵
      PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
      4⤵
      PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
      4⤵
      PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
      4⤵
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
      4⤵
      PID:4920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
    3⤵
    PID:8144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
    3⤵
    PID:10960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7673.exe
    3⤵
    PID:14916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
    3⤵
    PID:16828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
    3⤵
    - Executes dropped EXE
    PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20721.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        6⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39736.exe
        6⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46519.exe
        5⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61335.exe
        5⤵
        
        PID:16788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29755.exe
      4⤵
      PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
      4⤵
      PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
      4⤵
      PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
      4⤵
      PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        5⤵
        
        PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
      4⤵
      PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
      4⤵
      PID:14172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21363.exe
    3⤵
    PID:8600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
      4⤵
      PID:14048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
    3⤵
    PID:11432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
    3⤵
    PID:14536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
    3⤵
    PID:4456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53835.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53835.exe
  2⤵
  PID:2104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
    3⤵
    PID:5940
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 464
      4⤵
      Program crash
      PID:6912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
    3⤵
    PID:12576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
    3⤵
    PID:1064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
    3⤵
    PID:5764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
    3⤵
    PID:5652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
  2⤵
  PID:4020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
    3⤵
    PID:7400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
    3⤵
    PID:10340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41783.exe
    3⤵
    PID:13952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
    3⤵
    PID:532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
  2⤵
  PID:8300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
  2⤵
  PID:12088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
  2⤵
  PID:16104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5376 -ip 5376
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5932 -ip 5932
1⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5940 -ip 5940
1⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 16908 -ip 16908
1⤵
PID:3308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe

Filesize
468KB

MD5
a7efd6df2b477d5d79a463b501c1ff28

SHA1
d947ad857b608aa71648ca39988b85ca8d277672

SHA256
f203ea5aec7ace2bc689996bd348eb02abf1a4b11b0f36f0234af5c9449fcef9

SHA512
7a923079f051106d524ac3e4155c0619fee6c65bd1934cb8d228499e989edf14fad0a9b418d7dc400129d2ccb0e7a9cbc3ef3e211e333e4b351261aa9d28968b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe

Filesize
468KB

MD5
83e32621ecf3a4dc003c5587459c69ac

SHA1
19845547853c2790f7bcc7a62e4bb9c40496f50e

SHA256
536c5c96f8bafb2f86e633ba77fbaf1f4abb0958e631686191de1e11819be291

SHA512
0da5acb338670d87e54562059e39e87635cd0236b45ddb5321ececf0820bf8d727e7b4d06311002c9b49637c9ba7935f854996c2607c123f6b8d82b1e5a03255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe

Filesize
468KB

MD5
8ed2a2606e57c1d00585c9cf1a27438d

SHA1
bc54ab766611ec805c4214355ecda3180aee2e98

SHA256
ade71f8e0d0d1a45b2dea4cdeab7a3d9ca26863954bbe689ed0230804133ab43

SHA512
0012667a7ad7bc64f7dba720f42b7beb6a2bf26609d3567c7da5375424ea74f10e5aca30d270e5101c8817d0419106e5391bb87135e8b5bdab0938cdb64e2098

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe

Filesize
468KB

MD5
506994f3a3c13e6981eea6db296fb810

SHA1
dddbd42111af3ae434c3bcc45d783607ccfb0829

SHA256
f7a15b32eb21a7c5f09dc2c9735adce979b4d8717f38f2cb714f5001ec7bfdd8

SHA512
c31a4db575006f7f98a5080851f5d7dad04e74bcecd97d50d7dad6ac70766359b7b60c018ef2b560e0d600d1129d0085e60e36e370f204d4602e4c2bc635917b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe

Filesize
468KB

MD5
caea53de2b13bb85246a50176ed695b0

SHA1
80c068d40b7019b7d87650bbc4f01f1f7be73f1c

SHA256
75e984d51635b461797f6b9e12d9415c6b66659763cc666bdb8367a0e845a20c

SHA512
d77d8b5eaf080380806f1ef317af9bf4ce0fdc724137530888df88572acb59d8a59ffa51c94982dc53bc3cb57fc961bec35e5aa1fdbfcfea452f7117b9398635

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe

Filesize
468KB

MD5
554eb4970ad10a84b203f1fe30dcba52

SHA1
a587a1078e4fe484b179e4854b58ff4eefbca432

SHA256
897c54a3e10d7b68669210ddefcb0bc49228a602c67011854ad3043b6ea862ba

SHA512
59f0745b1ade03ac6bc61048904af2c1aa1289d16548a13bd3955b27886404a8246c365a00f37bddca58ded36777e2e813a027fdd6d25c457007cba4833d7752

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe

Filesize
468KB

MD5
4a5f64a5113153ac534a4573c6124838

SHA1
cfdf50e9b1045f4b58e80d517a4df158486816f0

SHA256
17e6f49618c497330f26b6bbe26b9d5cd3605e5bf750083ec4907bbe48492003

SHA512
c9574dd99e7847bc9bb45a48c0132b9c32ffe6954f3eefb70c66fe4d8006b68c0075bd8fe9f1e036a682d469edade662e16a6d93d9091ca754be2e39020751d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22791.exe

Filesize
468KB

MD5
e82a891cda9c503e5e6f141a104df235

SHA1
2b206f1879f70890cc58bb84f8b6dbada3de1323

SHA256
9585321aaebd17cae17ee6b0bf74db9873cc52298533368df52c40f2591b7b68

SHA512
ea42763899fa917b1cbf946b6d571f3bc2f8b21c1c0f6d3777de3e52dd4d50b9f22af5c500c2d272087066fc626075e19904b293c39485f50fe0517d0379e4f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe

Filesize
468KB

MD5
88acded50eb84b2759e3fdd972973c18

SHA1
dc04095f66822e422acdda46a18ae1fa1743ea01

SHA256
b6446aad05ed37a7f9820cdc7774abc81cba63cc3146d1b19c378444b2f82cd0

SHA512
613d709dd7e1a633a7be4a7531832a286ddae0d1269a90f36962c84947548ec14e959bfab98c374a9d512fbb869ff6ccd20cd6489fff2b5eb8cfae73c8ef08de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe

Filesize
468KB

MD5
f21ef8d6a46e9affdf2f4bd193ccaa43

SHA1
fca806cd3807cb80365c13622e75a1e15f84bd1f

SHA256
89928cb2cd80036185439f3bfff99040a98c367f45de5ba2522a43d367c9be04

SHA512
282588fcdeccf129f22a0945632971a053f6b1e2d302c12ee265e0ca1ece2cc4807872dad7398d6a0474d398318b6fa71d725cc46dc1b3a12b607071c7a5a275

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe

Filesize
468KB

MD5
2737591c63e68b607c0266a5fe5d03a7

SHA1
ae1f65114208a21508b14652338619cea2dcb096

SHA256
95886088abdf3d387cb4601a9fd9b3769e00653fc1b49aa4d1d5f875f01d7be6

SHA512
e8bb16bf1b4f81f8aca7eb6b20fb42b76c5b8a7ec20a0bd47fe44811c3f945420097e77ff210bf9f2855b849db70ee7dc19bd08e93aab6f103aa429e0db8cb4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe

Filesize
468KB

MD5
7ca82eb247debd9554d756b53bbc294a

SHA1
ab96dad091f1f5f3f3beb2371e0da3f411cd19bb

SHA256
3cb50371620fd314d28404e59a077b590c80211d287433ac4c6f4dee2dfb9eae

SHA512
79fa4ad5985834578a8688fd4e1df20d3d5018653d1def15e5c19458ee1f155f95727d0bf98542e24a78a91c8c02699b2ce82b778e4e571a37d4b6f362970999

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe

Filesize
468KB

MD5
8010661e9e87e809971154c7cc901300

SHA1
d6a6ee8d584e9278f258407b858bbec5243c6c9b

SHA256
3a653fe8c73e0527c7498c92fd7803f950df172807250c9a2832b5189d42d117

SHA512
cf8637a38c3bf46effa1e8ced9b69f2e6bee019a093065f54536bdbb8534de2c67f695582beb0ee08a97328c8095a90d330479d5bced54bbc26b93ee235bdb59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe

Filesize
468KB

MD5
cb375cb5d04a3ab942831db381d00106

SHA1
40049b8cb62b09f7adc551e8e7c3384268254670

SHA256
baf9a361319db67078ddbf44d0ca21840676a43a1e5d8cf9364459152bf81415

SHA512
4613b6a77d306a737d9a7751cab64014beebedb021bfa0e0e9ed07957df8beb07d3890ecffecfd32f30459dc565a88957d029be228b3fe34b7f50aac2ee07f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe

Filesize
468KB

MD5
55407775389ca15a4cab7a8d2582cfd0

SHA1
15eee121418f9b7de9b63f7546ae8a9ecd5cdcdd

SHA256
070b237be5a3d0dea8208fc152de2dc55c83d3d0f4cd1263861bf9a3279f0880

SHA512
e3e2a27de603efe1727809c6ecc900d98025943148d7d19524bcbeb5d8932d1978bfd832ba0ed4ec74f17eb43f0693da1ed65ff001d29bc43b95cdd3de2fa8d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe

Filesize
468KB

MD5
455f7276d6dd00b6190209b710a16668

SHA1
43518ebb5d5f387ab8eda8c6788e9a418ea72d84

SHA256
3a01936d2bb68bd0127fe17539268a7cdb14912ea13e2658ab1f5ce5e9666ae8

SHA512
b53fa7012345761ab5f291cfc7716d41b16d734c7457c2bcdb20df247c87713a5453fcc6f2bfaff9dedc978fd73c782159b5914b258c103207dce32515161bd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe

Filesize
468KB

MD5
850bd4f5419b7859bad6164629737ec2

SHA1
ab0559d5e9ad52cd0a7c854d92fc7f843ba97134

SHA256
56ca32869a76a0be191d4ee5056bbd1342d63cdd44c20588ef73d99eb2bc7472

SHA512
d37fd6e0f1ab20e94fecb0b9460e1e8bdf4bcab5ee29dc6af34c6b658e3b591ddc967c7c9c8d56eca8bb9829d5d7ecba152a83f9c9ff87f8781e35bfbaed7680

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe

Filesize
468KB

MD5
46160a11fc9f65522f5cfc7aa3686265

SHA1
25ce6667f785e893c7e1bd5ef95d420ac14bd588

SHA256
6df8206be81629b3da4f333811c7f082ea2fd29b639bbdca70e87971819000d8

SHA512
dcd9ffbd2ac9d9b996d298ce183ea482a3cb8c5e267d6247925c292a53cd6261fe36134ed7c5ea472184710751c02182a74a901d3645f1d47811dfdb2e60631e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe

Filesize
468KB

MD5
b329e1ef47c3933963022f1afd91302e

SHA1
34e85ede2d2e15b852b9f2590e85984c53a22dc4

SHA256
8493aa6f12b4191a38534c269aace5528264dae6669b04227083f63aa3205021

SHA512
29fa173c574c87eb7ccb661eea043d1e26aa4f2e4927c71e5e86905d92eec166b847dcbda0e5946cc2118b95a6a09d59aee0c7a8dc4b926c94aa4209cdf6775e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe

Filesize
468KB

MD5
e0072ecf5e669832f067fc9210300abc

SHA1
7af2b798091011e05e163f2603174faa4bfc87c7

SHA256
2d501f071d52de429cc095a9f08bd95fe8eb1edff6ada32cd7aa503eabfaca65

SHA512
71df58a7927a3a7035d99fa54f6045df28f72e34c876d152162c1ca3bdf564224b77defb89b0bde3126b8970b2b4ae25d46b5bdc5a44ecfe3105b69a39207153

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe

Filesize
468KB

MD5
9b09f869048b2bdf90283663e70e0beb

SHA1
1a330cd592d65e11bcbcb6277c61d6f72acc9d5e

SHA256
74c11e4b499517f873cfa204a14e28980a11098ccaa991e6f244c5e3080ff62c

SHA512
8b7054b8fc2d44201ed8ee9c064caddb5ef6f94e75bbac9cfb65031a70adda969029337e7c6be6891148b4c948857d7791649c0eb4930d462133c04a0d446f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe

Filesize
468KB

MD5
b77d83413023258c6c515db1083c3ee5

SHA1
c9fad892fd0bd9402d1be1d98aecb46171eafd46

SHA256
bc4722a0478516cfbf2414378e9d135d3df342385079933ecfdcea334d31c279

SHA512
6dcc157d2f00a7e06e210b89fd981eb207d612f24c0bd17afdee715ae7fcaa294d88470efc8025637c80c10027cba885da3a67a0c89f3b15717a667fcd2466e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe

Filesize
468KB

MD5
f65780f12f2af36763dd2b0750a55e81

SHA1
171e964ed2a95d098915122a643deec0b8b96479

SHA256
f916fc5375328703dc8e43f43e358f60d6e32d606c77a7a45728b8a3f58fe123

SHA512
938a181668b96c1690fc765ad260576b8a28afea63adfdc27ee8f39fb85a9c128ebd8fe13fd3e95bfb591c10b995d9bfeac6375a00f93d8545d3f5094e52b8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe

Filesize
468KB

MD5
fcc94cdabcfb19c67acd8d59aac224a0

SHA1
7b1c7ea0bc589b24a55bfe3dea0fc521315afd59

SHA256
f4786da34c6e0f35eff601b3ecbf99ad50bb24128330d2d9615a40b115b55b4c

SHA512
dc5d75396f191b3161bf9639ebf88ea6ce31f4d9acfeba81ad49bd6d09f4ca71967d930b3f4a1fd078a7113f441a18dfb459cc09efc6abd6ddd2997c7321fae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe

Filesize
468KB

MD5
990379ff0efbe3e021ec95530cfe94b3

SHA1
2384ea70a3dee38a9a0490335daac7262f249450

SHA256
c802f89672addb4fbcf699f3888be31b30a35f12659d93aefc1ab99a28d81033

SHA512
c1edbf9c0da77350c1f8f7ce8a7ccb73e07634a12d105817a24c0e683845ca3fe9d1c8b65ac2173c5ce0f5bdb4fd36cbab022564aedb2d7dbfc1cde06001044d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62240.exe

Filesize
468KB

MD5
445f2349fdd23264ad79c0eecf2836df

SHA1
6cccaaba8eebe63ad3a91b7656dbab82bc6daade

SHA256
10a10d805b6b08a85bb6ba2a75e559ad8f588756edaf353ba83402efb0063b6e

SHA512
203fdad394edfbbd95d757e9728760f477c3cf33176520636fabcb6bc03395240f7b6e8d544974267574017778841610f9abc123403a7aa5f62d0cb01c164988

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe

Filesize
468KB

MD5
d44a83b6aa657b23c8b6c2dc31601a4c

SHA1
1a5fc976c7a85f1e0a237f518e0f9e9c972345cf

SHA256
a81274a79eda7161c063ca484ae387ca94d999e148b96388b681dc58a5e80057

SHA512
f87d3c36f805f6f5d919832c0b2e8be10468774a4324db38468541119284654d907bd7e6257f2d785f2446a8ef453da2f1de055a21281a825530fb1d2649b4f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe

Filesize
468KB

MD5
dc962e31d0619e1c82544c4aaea9c096

SHA1
43059aaf1333ee90a3cc913ad1b7a8c306d73537

SHA256
3354964e8687b29c51a8526776ce98a5669901a6caf6fd50ed41b1b438253c56

SHA512
08aa972c0854ebd630ae4dc4eaead09284a182856bba7bf29a9b18c347a517a202caafeadaf4708157ea2db897d397bb5422ca21ecb0aa036335565832acd555

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe

Filesize
468KB

MD5
55350273087fbd2c3293ccb4c1b5125f

SHA1
20139fcfc04b7b8c9ebe695ce6dba1021c51348f

SHA256
6c595992844332cb6983aa3b827ae1c2b33201fe15fe8425c197fd716230745b

SHA512
d21cfc13a20dbadf2cabe2d354b72e27147be141fbd0c27b50c9725a1e069528adf6081ac759c6bd090001be3e568a935e9f63d3bc77be9616a96961b275aae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe

Filesize
468KB

MD5
f0b844bd7e7986617eb9705d0be6e327

SHA1
522b023d42b000f19acba6bae2f572ce1135cf20

SHA256
bd2d880802ff7943674e2a5a23f162f6b5ad5d4ba37b9a0fd8a1eac27f0ff599

SHA512
e68297266f57449ac45f157230a30920dc0d47ee9d777f218ab445dd0f26af043afab36b8b277c25a0bf3527069aa27ca0f239457a494d5b1847c43dfb9d7c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe

Filesize
468KB

MD5
fe95eaa18d6f263d4602529daffbd8c7

SHA1
9ffead774b1868b728354c14befe301cf9fd846b

SHA256
f3bb798187228919bd60f0f3278481a8991b95aa7def65e923d4ac48d4b4811f

SHA512
3eb4efd92188abe6eb25e120007caed182dfe20be147ee3825ca5e831bf419132123c1691a319dceadded1912b2a24ac44775d37fcc3321f5f8b2e4507c55f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe

Filesize
468KB

MD5
387a67cf2e66c3fe30eb40649c2daf2d

SHA1
8e0e0e4a838f86378b5dc52a94fd334a8551215c

SHA256
26707a19289d8f52ff6d7d0d353aff66d0eaa62d7b6ad8552e7219847d0e9649

SHA512
c9796a59786f800967ac0722d5ed366a87565869e4ffed6aae24fe0fe69f2e300f3836120e992f7004eac25e29cb25186730027aa2891d1cb027ee6cfb168179

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe

Filesize
468KB

MD5
54822534527e9289bdcac08dc79f2deb

SHA1
aa19998200e09c78669c87f855686dabf1865f2c

SHA256
cf93b9be886809113181911a80e2b95422afc7c35d3582cf91c0096503119f9a

SHA512
ab100aaf58529b8aab5669e8b06926b16bc7f0335ce98de02953032e2c3d53b68c865cd6a3c72048be92436e06c0505bc25282441cd85fbc57d97a650681d4fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe

Filesize
468KB

MD5
80f38bb67031a0a73510a61d3270598b

SHA1
2aa768ae13fb5dd2d3fc09047fbc87986f8487d0

SHA256
63e7b1e2fcb1e4cc5c354c9f96ce860e1b45431e543248caf0783720ff90225f

SHA512
b9fb94741454a09bc68afcdbeb3cd8950283f903841917ec66ddf138552ae4da0048872ce845203c56019c6fde06d657a2ade300908a3fca37163c41aaa4393a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads