a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe
Size

468KB
MD5

b12ea0f75e2988b2026faf3ee9baba83
SHA1

f739e9d0ba3b8e77aafe3154fff0f15dd981336d
SHA256

a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5
SHA512

a69ff21e88720d94bac9803af8b38cc8c258ca282fbd721a49d1e28bcd103dc3ed47d03aa506ddb1f81771a661735b7b0f70fe84eadd6fa52e0c604e9955e83b
SSDEEP

3072:yu0VogkEIY5AtbYozfjTff8wEChiw6pw/EHCYVgQ7XQLIAtuJwlH:yueotYAtjzrTffTyUa7Xa1tuJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3468	Unicorn-27439.exe
2432	Unicorn-15663.exe
4868	Unicorn-11282.exe
4444	Unicorn-13953.exe
4132	Unicorn-60310.exe
4196	Unicorn-30124.exe
2428	Unicorn-53267.exe
1884	Unicorn-3905.exe
180	Unicorn-13945.exe
448	Unicorn-20076.exe
2796	Unicorn-20076.exe
4356	Unicorn-20076.exe
4848	Unicorn-47958.exe
2880	Unicorn-65171.exe
1652	Unicorn-19234.exe
3712	Unicorn-49410.exe
1036	Unicorn-45715.exe
4924	Unicorn-48450.exe
2860	Unicorn-48450.exe
4528	Unicorn-18409.exe
2904	Unicorn-22752.exe
2944	Unicorn-16886.exe
3620	Unicorn-23017.exe
4508	Unicorn-3151.exe
1964	Unicorn-46352.exe
2648	Unicorn-52482.exe
4608	Unicorn-52482.exe
3092	Unicorn-3115.exe
2856	Unicorn-48787.exe
3040	Unicorn-12550.exe
2324	Unicorn-41296.exe
5020	Unicorn-39746.exe
4408	Unicorn-40082.exe
4956	Unicorn-18309.exe
468	Unicorn-46714.exe
2868	Unicorn-34562.exe
2252	Unicorn-34562.exe
1948	Unicorn-9092.exe
4316	Unicorn-25922.exe
3588	Unicorn-61152.exe
4396	Unicorn-41551.exe
4152	Unicorn-61417.exe
3632	Unicorn-12164.exe
3108	Unicorn-30530.exe
2644	Unicorn-30530.exe
232	Unicorn-30530.exe
2196	Unicorn-30530.exe
3920	Unicorn-31407.exe
2852	Unicorn-28911.exe
840	Unicorn-9045.exe
2268	Unicorn-26258.exe
4552	Unicorn-37193.exe
2492	Unicorn-9128.exe
1876	Unicorn-38755.exe
3992	Unicorn-62355.exe
1852	Unicorn-43019.exe
1604	Unicorn-48620.exe
2896	Unicorn-2881.exe
1084	Unicorn-1957.exe
1840	Unicorn-23660.exe
548	Unicorn-3218.exe
1752	Unicorn-4417.exe
4516	Unicorn-33782.exe
2956	Unicorn-32002.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
6608	3672	WerFault.exe	169
6944	864	WerFault.exe	170
7912	2852	WerFault.exe	138

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4882.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
18080	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17600	dwm.exe
Token: SeChangeNotifyPrivilege	17600	dwm.exe
Token: 33	17600	dwm.exe
Token: SeIncBasePriorityPrivilege	17600	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe
3468	Unicorn-27439.exe
2432	Unicorn-15663.exe
4868	Unicorn-11282.exe
4444	Unicorn-13953.exe
4132	Unicorn-60310.exe
4196	Unicorn-30124.exe
2428	Unicorn-53267.exe
1884	Unicorn-3905.exe
2796	Unicorn-20076.exe
2880	Unicorn-65171.exe
180	Unicorn-13945.exe
4848	Unicorn-47958.exe
448	Unicorn-20076.exe
1652	Unicorn-19234.exe
4356	Unicorn-20076.exe
3712	Unicorn-49410.exe
1036	Unicorn-45715.exe
4924	Unicorn-48450.exe
2860	Unicorn-48450.exe
2856	Unicorn-48787.exe
3092	Unicorn-3115.exe
2648	Unicorn-52482.exe
4528	Unicorn-18409.exe
4508	Unicorn-3151.exe
2904	Unicorn-22752.exe
3620	Unicorn-23017.exe
1964	Unicorn-46352.exe
2944	Unicorn-16886.exe
4608	Unicorn-52482.exe
3040	Unicorn-12550.exe
2324	Unicorn-41296.exe
5020	Unicorn-39746.exe
4408	Unicorn-40082.exe
4956	Unicorn-18309.exe
468	Unicorn-46714.exe
2868	Unicorn-34562.exe
2252	Unicorn-34562.exe
1948	Unicorn-9092.exe
3588	Unicorn-61152.exe
4152	Unicorn-61417.exe
4396	Unicorn-41551.exe
4316	Unicorn-25922.exe
3632	Unicorn-12164.exe
3108	Unicorn-30530.exe
3920	Unicorn-31407.exe
840	Unicorn-9045.exe
2644	Unicorn-30530.exe
2852	Unicorn-28911.exe
232	Unicorn-30530.exe
2196	Unicorn-30530.exe
4552	Unicorn-37193.exe
2268	Unicorn-26258.exe
1604	Unicorn-48620.exe
2492	Unicorn-9128.exe
1876	Unicorn-38755.exe
1852	Unicorn-43019.exe
3992	Unicorn-62355.exe
2896	Unicorn-2881.exe
548	Unicorn-3218.exe
1840	Unicorn-23660.exe
1752	Unicorn-4417.exe
4516	Unicorn-33782.exe
1084	Unicorn-1957.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 3468	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	82
PID 2788 wrote to memory of 3468	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	82
PID 2788 wrote to memory of 3468	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	82
PID 3468 wrote to memory of 2432	3468	Unicorn-27439.exe	83
PID 3468 wrote to memory of 2432	3468	Unicorn-27439.exe	83
PID 3468 wrote to memory of 2432	3468	Unicorn-27439.exe	83
PID 2788 wrote to memory of 4868	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	84
PID 2788 wrote to memory of 4868	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	84
PID 2788 wrote to memory of 4868	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	84
PID 2432 wrote to memory of 4444	2432	Unicorn-15663.exe	85
PID 2432 wrote to memory of 4444	2432	Unicorn-15663.exe	85
PID 2432 wrote to memory of 4444	2432	Unicorn-15663.exe	85
PID 3468 wrote to memory of 4132	3468	Unicorn-27439.exe	86
PID 3468 wrote to memory of 4132	3468	Unicorn-27439.exe	86
PID 3468 wrote to memory of 4132	3468	Unicorn-27439.exe	86
PID 4868 wrote to memory of 4196	4868	Unicorn-11282.exe	87
PID 4868 wrote to memory of 4196	4868	Unicorn-11282.exe	87
PID 4868 wrote to memory of 4196	4868	Unicorn-11282.exe	87
PID 2788 wrote to memory of 2428	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	88
PID 2788 wrote to memory of 2428	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	88
PID 2788 wrote to memory of 2428	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	88
PID 4132 wrote to memory of 1884	4132	Unicorn-60310.exe	93
PID 4132 wrote to memory of 1884	4132	Unicorn-60310.exe	93
PID 4132 wrote to memory of 1884	4132	Unicorn-60310.exe	93
PID 3468 wrote to memory of 180	3468	Unicorn-27439.exe	94
PID 3468 wrote to memory of 180	3468	Unicorn-27439.exe	94
PID 3468 wrote to memory of 180	3468	Unicorn-27439.exe	94
PID 2428 wrote to memory of 2796	2428	Unicorn-53267.exe	96
PID 2428 wrote to memory of 2796	2428	Unicorn-53267.exe	96
PID 2428 wrote to memory of 2796	2428	Unicorn-53267.exe	96
PID 4196 wrote to memory of 448	4196	Unicorn-30124.exe	95
PID 4196 wrote to memory of 448	4196	Unicorn-30124.exe	95
PID 4196 wrote to memory of 448	4196	Unicorn-30124.exe	95
PID 4444 wrote to memory of 4356	4444	Unicorn-13953.exe	97
PID 4444 wrote to memory of 4356	4444	Unicorn-13953.exe	97
PID 4444 wrote to memory of 4356	4444	Unicorn-13953.exe	97
PID 4868 wrote to memory of 4848	4868	Unicorn-11282.exe	98
PID 4868 wrote to memory of 4848	4868	Unicorn-11282.exe	98
PID 4868 wrote to memory of 4848	4868	Unicorn-11282.exe	98
PID 2432 wrote to memory of 2880	2432	Unicorn-15663.exe	99
PID 2432 wrote to memory of 2880	2432	Unicorn-15663.exe	99
PID 2432 wrote to memory of 2880	2432	Unicorn-15663.exe	99
PID 2788 wrote to memory of 1652	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	100
PID 2788 wrote to memory of 1652	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	100
PID 2788 wrote to memory of 1652	2788	a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe	100
PID 2796 wrote to memory of 3712	2796	Unicorn-20076.exe	102
PID 2796 wrote to memory of 3712	2796	Unicorn-20076.exe	102
PID 2796 wrote to memory of 3712	2796	Unicorn-20076.exe	102
PID 2428 wrote to memory of 1036	2428	Unicorn-53267.exe	103
PID 2428 wrote to memory of 1036	2428	Unicorn-53267.exe	103
PID 2428 wrote to memory of 1036	2428	Unicorn-53267.exe	103
PID 180 wrote to memory of 4924	180	Unicorn-13945.exe	104
PID 180 wrote to memory of 4924	180	Unicorn-13945.exe	104
PID 180 wrote to memory of 4924	180	Unicorn-13945.exe	104
PID 2880 wrote to memory of 2860	2880	Unicorn-65171.exe	105
PID 2880 wrote to memory of 2860	2880	Unicorn-65171.exe	105
PID 2880 wrote to memory of 2860	2880	Unicorn-65171.exe	105
PID 1884 wrote to memory of 4528	1884	Unicorn-3905.exe	106
PID 1884 wrote to memory of 4528	1884	Unicorn-3905.exe	106
PID 1884 wrote to memory of 4528	1884	Unicorn-3905.exe	106
PID 3468 wrote to memory of 2904	3468	Unicorn-27439.exe	107
PID 3468 wrote to memory of 2904	3468	Unicorn-27439.exe	107
PID 3468 wrote to memory of 2904	3468	Unicorn-27439.exe	107
PID 4868 wrote to memory of 2944	4868	Unicorn-11282.exe	108

C:\Users\Admin\AppData\Local\Temp\a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe
"C:\Users\Admin\AppData\Local\Temp\a37357084584c8c2fff21080d7f193245726123ba21761bd78dd42dd488735a5.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34639.exe
        9⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        9⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        9⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40460.exe
        8⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        8⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        8⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
        8⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        9⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        8⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        8⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        7⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        8⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29836.exe
        9⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe
        9⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        9⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        8⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        8⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
        8⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        8⤵
        
        PID:17816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        8⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
        7⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        7⤵
        
        PID:18152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
        8⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39702.exe
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
        7⤵
        
        PID:17336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
        7⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        6⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        7⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        6⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57580.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        9⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        9⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
        9⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
        8⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47968.exe
        8⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
        8⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8872.exe
        8⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        8⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        8⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        7⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        7⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62186.exe
        7⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40533.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18425.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        6⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        7⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        6⤵
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        5⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        7⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62429.exe
        7⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        7⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        6⤵
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        7⤵
        
        PID:17820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        6⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42743.exe
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        6⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        5⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49495.exe
        5⤵
        
        PID:17500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        8⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        9⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        10⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        10⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        9⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        9⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        9⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        8⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        8⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        8⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        8⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18083.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
        9⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        8⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        8⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        7⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        7⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        6⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        7⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49872.exe
        7⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        7⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39142.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
        6⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        6⤵
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51191.exe
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        7⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3702.exe
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        7⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        6⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        6⤵
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        6⤵
        
        PID:18420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
        5⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43732.exe
        5⤵
        
        PID:18320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        6⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        8⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        8⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        7⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        7⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7756.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17122.exe
        7⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
        7⤵
        
        PID:16744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
        7⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        6⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
        6⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        7⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        6⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        5⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
        6⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
        6⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        6⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14630.exe
        5⤵
        
        PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
        5⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        7⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42195.exe
        7⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47671.exe
        6⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        5⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
        5⤵
        
        PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
      4⤵
      PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        6⤵
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
        5⤵
        
        PID:17456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
        5⤵
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        5⤵
        
        PID:17832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        5⤵
        
        PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
      4⤵
      PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
      4⤵
      PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
      4⤵
      PID:9044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25922.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 472
        8⤵
        Program crash
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3086.exe
        7⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
        7⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
        8⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        8⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        7⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
        7⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        7⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        7⤵
        
        PID:17424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        7⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        6⤵
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        6⤵
        
        PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        8⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        8⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
        8⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        7⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58381.exe
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe
        7⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
        7⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
        6⤵
        
        PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        7⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        7⤵
        
        PID:17448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        7⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        6⤵
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
        6⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        6⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64287.exe
        6⤵
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        6⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9603.exe
        5⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
        5⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        5⤵
        
        PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
        6⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
        8⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        8⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8536.exe
        8⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
        7⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
        7⤵
        
        PID:16672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        7⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63702.exe
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27627.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        7⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        7⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        7⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        6⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        6⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        5⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        6⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        6⤵
        
        PID:18388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        5⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23596.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        7⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        6⤵
        
        PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47877.exe
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
        6⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        6⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
        5⤵
        
        PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        6⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        6⤵
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26166.exe
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        5⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        5⤵
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
        5⤵
        
        PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
      4⤵
      PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48948.exe
      4⤵
      PID:8224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        8⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
        8⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        7⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        7⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39278.exe
        7⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
        7⤵
        
        PID:17876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        6⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        6⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        5⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        7⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        7⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
        6⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        6⤵
        
        PID:12676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        6⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        6⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20754.exe
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        7⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        5⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        5⤵
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
        7⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        7⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        7⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39389.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        6⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
      4⤵
      PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
      4⤵
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        5⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        5⤵
        
        PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
      4⤵
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
      4⤵
      PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
      4⤵
      PID:17424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        7⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        7⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        6⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        6⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        6⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        6⤵
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
        5⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        5⤵
        
        PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        6⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        5⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        5⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
      4⤵
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        5⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        5⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        5⤵
        
        PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
      4⤵
      PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
      4⤵
      PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        6⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
        5⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        5⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        5⤵
        
        PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
        5⤵
        
        PID:14012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        5⤵
        
        PID:17512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
      4⤵
      PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
      4⤵
      PID:13736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
      4⤵
      PID:17576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
      4⤵
      PID:4404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
    3⤵
    PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        5⤵
        
        PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
      4⤵
      PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
      4⤵
      PID:13784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
      4⤵
      PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
    3⤵
    PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
      4⤵
      PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      4⤵
      PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
      4⤵
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
    3⤵
    PID:10760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
    3⤵
    PID:14140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
    3⤵
    PID:2916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11282.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        7⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20959.exe
        8⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        8⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        7⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
        7⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        7⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        7⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27702.exe
        7⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        6⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        7⤵
        
        PID:18352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        6⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        8⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        8⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57331.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        7⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        7⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        6⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
        6⤵
        
        PID:16328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16166.exe
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        6⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        6⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        5⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        5⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        5⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        5⤵
        
        PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
        8⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        8⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
        8⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        7⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        7⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        7⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        7⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        5⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        5⤵
        
        PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34790.exe
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        7⤵
        
        PID:17864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        5⤵
        
        PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        6⤵
        
        PID:17508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51408.exe
        6⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14095.exe
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15414.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        5⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        5⤵
        
        PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
      4⤵
      PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        5⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
        5⤵
        
        PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
      4⤵
      PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
      4⤵
      PID:15480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42956.exe
      4⤵
      PID:4248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        7⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
        7⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        6⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        7⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        7⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        6⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        6⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        6⤵
        
        PID:16736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        5⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        5⤵
        
        PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48620.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        6⤵
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        6⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
        5⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        5⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        5⤵
        
        PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        5⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        5⤵
        
        PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
      4⤵
      PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        5⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        5⤵
        
        PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
      4⤵
      PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
      4⤵
      PID:13704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
      4⤵
      PID:18020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28911.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        5⤵
        
        PID:3672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 488
        6⤵
        Program crash
        
        PID:6608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 624
        5⤵
        Program crash
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        5⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        5⤵
        
        PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        6⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26230.exe
        6⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6092.exe
        6⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        5⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        5⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
      4⤵
      PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14031.exe
        5⤵
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        5⤵
        
        PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
      4⤵
      PID:16448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
      4⤵
      PID:12600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12036.exe
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe
        6⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        5⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58957.exe
      4⤵
      PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
      4⤵
      PID:13552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
    3⤵
    PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
      4⤵
      PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
        5⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        5⤵
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
      4⤵
      PID:10536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
      4⤵
      PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
    3⤵
    PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
      4⤵
      PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20623.exe
      4⤵
      PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57331.exe
      4⤵
      PID:8980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42104.exe
    3⤵
    PID:11484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
    3⤵
    PID:16352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        9⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        9⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        9⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
        8⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        7⤵
        
        PID:17832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56979.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        7⤵
        
        PID:18232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        6⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        6⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        8⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53543.exe
        8⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        7⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58381.exe
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        6⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
        6⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        6⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe
        6⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5989.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64900.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26332.exe
        5⤵
        
        PID:16400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        7⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        6⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        6⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63362.exe
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
        6⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        6⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10691.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2667.exe
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        6⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        6⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        6⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
        5⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        5⤵
        
        PID:18396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
      4⤵
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        5⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        6⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        5⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26131.exe
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37321.exe
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe
        5⤵
        
        PID:13084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
      4⤵
      PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
      4⤵
      PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
      4⤵
      PID:6680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        5⤵
        Executes dropped EXE
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        8⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        8⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
        8⤵
        
        PID:17952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
        7⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        7⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        6⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        7⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
        7⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58879.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        5⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        5⤵
        
        PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
      4⤵
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49254.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        7⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        7⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        5⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        5⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        5⤵
        
        PID:12372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        5⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
        5⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        5⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
      4⤵
      PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
      4⤵
      PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
      4⤵
      PID:12632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
        7⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18675.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        5⤵
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        5⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe
        5⤵
        
        PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
      4⤵
      PID:9980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
      4⤵
      PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
      4⤵
      PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
      4⤵
      PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
    3⤵
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        5⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        5⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        5⤵
        
        PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60134.exe
      4⤵
      PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
      4⤵
      PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
      4⤵
      PID:11764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
    3⤵
    PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        5⤵
        
        PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
      4⤵
      PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
      4⤵
      PID:10212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
    3⤵
    PID:8576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
    3⤵
    PID:11292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
    3⤵
    PID:15144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
    3⤵
    PID:7084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19234.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19234.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
        5⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        8⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
        8⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        8⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        7⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        7⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        7⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        6⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
        6⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59458.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
        5⤵
        
        PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53673.exe
      4⤵
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3566.exe
        6⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
        6⤵
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        5⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        5⤵
        
        PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39142.exe
      4⤵
      PID:9776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
      4⤵
      PID:15552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
    3⤵
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
        5⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        5⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        5⤵
        
        PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
      4⤵
      PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
      4⤵
      PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
      4⤵
      PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
      4⤵
      PID:9764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
    3⤵
    PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
      4⤵
      PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
      4⤵
      PID:8484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
    3⤵
    PID:8860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
    3⤵
    PID:13304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
    3⤵
    PID:16760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50598.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        6⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        6⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
        5⤵
        
        PID:16748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        5⤵
        
        PID:8304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        5⤵
        
        PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
      4⤵
      PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
      4⤵
      PID:572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
    3⤵
    PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
      4⤵
      PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
      4⤵
      PID:11296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
      4⤵
      PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
      4⤵
      PID:16632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
    3⤵
    PID:8888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
      4⤵
      PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
        5⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        5⤵
        
        PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
      4⤵
      PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
      4⤵
      PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
      4⤵
      PID:6912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
    3⤵
    PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
      4⤵
      PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      4⤵
      PID:14440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
      4⤵
      PID:6740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
    3⤵
    PID:13056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
    3⤵
    PID:17560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
  2⤵
  PID:5648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
    3⤵
    PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      4⤵
      PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
      4⤵
      PID:17568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
    3⤵
    PID:8760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
    3⤵
    PID:14132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
    3⤵
    PID:6940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
  2⤵
  PID:7728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
    3⤵
    PID:14472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
    3⤵
    PID:1012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
  2⤵
  PID:11116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
  2⤵
  PID:15436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
  2⤵
  PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3672 -ip 3672
1⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 864 -ip 864
1⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2852 -ip 2852
1⤵
PID:6876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:18080

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11282.exe

Filesize
468KB

MD5
7b6ca297b3f615546c2b2f3ad27960ba

SHA1
54fd44490e805bfdeb337bb11b1e70f05694e40d

SHA256
0e47620b3e96ad0f206a567cb128db345643d6d6713aedf2ae1014fb46e0b9f6

SHA512
3b23a892505097449b98d77582d3cb0cbd0aca4053880bbdee0e4f4ec368ec57f0fcbbf4cc8abae5c818a222b082e942c5ce13d61563926f1a66515ecd3c3e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe

Filesize
468KB

MD5
ebbf2d2075399c73cb64536d1f31bdda

SHA1
fab543eb99f1586a7402b2fc773e7f567f54f9e6

SHA256
539aac95ed3b7ebcde143049566cdb3d1b00029739025bc930d94623287e46a2

SHA512
f6f19fa3a2159b6fa55094d41bd05d412123ee7ea2f5485d964c3d059a4a1f3ae4274184b30ae29131c988b8f944283944cba9eb3dc4e46e5b0968de81464aeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe

Filesize
468KB

MD5
289e5c769b8f43554453aab2f9ac299e

SHA1
3522fcf7292380bb2622971e2f3c92c97bc64a0b

SHA256
4b7f443f219d6fce022cfc1f3952ddaac3322d730804e73000c05a6c7ef15ba0

SHA512
773df602776b29c89338e225d20e1a6e10003135ceb16cd99b457f4835fc48aa6647a5f4267836f690b2aa9cf376ed09e54b234f87930861a57c9dc229c6125e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe

Filesize
468KB

MD5
c4203d7b9a8ebbe0cc17a212761163ba

SHA1
933c2f52e7a53593657c59d9e4dbd9dc7889f869

SHA256
ae2d019f95ac3f615837526217e376908cbfb81dfefd4d1b0b6865a5187fa396

SHA512
773b821d23c4ec0059365c5019be320a34f7f36e4c85553985e920e0c2afcda6a7ed901f53c8b618241999526adfb56829673467c75c1ad027a2a216319613d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe

Filesize
468KB

MD5
1e51c484370e643fc9c19dcdedd6e11f

SHA1
6a43d9683832804083e3db485db6ccd2b641d43e

SHA256
1287d50bfdbb693741b52013713bffeb39d88af3c3397ce5add021120adb4aa8

SHA512
226c3f7da47f97e6f7eb8b893e34b8123b66728acc746d633b2b8dcf449c94cb9547cf7907c83575cb53217d239c31a49a53b78b8d50df3b60c14d6cde3f7e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe

Filesize
468KB

MD5
0ed207cceba84238b3f55cc04a812ee7

SHA1
7592bab3fa1a3401bcc75294b84e951889608824

SHA256
0ef0cd5754ba1dfabd0769669a8955f1dcad40061a52eb437593e5adfad996ef

SHA512
8f396d40becf7932811b34f864ff62b089e20bb339b32fd6b604b78838a2501ab5b82d44072210834b2886dfd420c469c9484a9c5e994d16f1f43edd7287bc8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe

Filesize
468KB

MD5
5321e5f889eb9c6c5e0b169b4ba4313a

SHA1
af427b5fac326a2f3b52bc425ac3d0b64164f297

SHA256
341f6cdbd6a86ec16c152ea87f590a8f5e0d4e8d0a7e6a7345379fdf78d9542f

SHA512
4bc670f3d4924286bd29da4720d5144761b10a3f79ed8a0902263f06e63c686152079500efe17791d559cc32ff807666e1299ea2b1bbbd233bfa658fad7b3cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19234.exe

Filesize
468KB

MD5
57f061bf5ae7073efcf956347972fdae

SHA1
9f13cc4d995855705da964c6297e3ce0cd0f7522

SHA256
d476ee56296f2db363f7558160821a383677c626b93141b18e35ba9da6b64951

SHA512
dc126b2e257c7bff9c1e30cd2617b7d22d809fce921dd6d33845e635ffa7fbabcb38ca6f31603c7caf50b121e808618db225abfea1507d2251770741060fb9cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe

Filesize
468KB

MD5
8cf94cdb8725de1e9b72940456b8d97a

SHA1
e7ab19f1a9fe5818f05e93de4cbe76b74f78f2ed

SHA256
d97a2b7b2b74cbf386207551716ec316a8df78353c5b8f6d9675e4681d2d0a9d

SHA512
2d90db134d778f7d3c6ba3a68d3faf00547cc040db3b8c28eb6a57671453a76b97a365317073b45aaab141518bcfdfcde3a634ac4c9e822323b818edc4f5e588

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe

Filesize
468KB

MD5
4d530f9e2592ab6f70722a19ef83d828

SHA1
d05a5af5735ce386b5a98ecb35af79a1f40e941f

SHA256
1d9fb3b979ba33127beb25db2e961b8bc700963a58a23012293ef24ac2c6eb57

SHA512
11797892b7d97954aa923431128f72abf4fa151396180681560d382d6266c32b21e31e34b668d85780ea30dd521cb1447a6303cc831f89dbeba6cadf33a77bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe

Filesize
468KB

MD5
e4426cf47704228fc2f9341a14bf3227

SHA1
749feb6cf8d20406e13221249b369975cd827bbd

SHA256
93335792fda974365fdf93d01e28397939cc2deaffe492682ebd9c91e3d2931b

SHA512
50c784cf68dccc3b8372cef25a9aa3cb38d8332a2c5c9782f1c11a4bd76990eccec457601041f488c7168c41e4b7ab0a12293124c4added20a6f777303a3404c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe

Filesize
468KB

MD5
46da536d1c1522b05c572916824e7bf3

SHA1
962782b582f5a103df6cac652fdc881949037cbe

SHA256
0d0b20bb3d4419f958c5f71391582472fe6f025f93c2496da538664fbfd12309

SHA512
3cc8a81e8dfe60d2375a707ee0ad15126f43c10695ab559a6593fee0014c994ec1331a62d054844236b4614b298ce9e05c77b85595ef9bc47a4bcbf99229e65c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe

Filesize
468KB

MD5
9980d13885c656854fcb197a01894a98

SHA1
2fca953549d3c54207c5f8aba5ecca14e4079bd6

SHA256
ba613335c9831ca2a2defe52f1a885881aa6145bb53eabbd372356a9eaf11ddb

SHA512
ec61c0caadb671d54f5610cf6d6df6850978c6b75463c1cbd260a28053c7181cabc03f6aefa606847b067c2736f5f8db84afa020201e51480d709661a4ec2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe

Filesize
468KB

MD5
1ea618b031e5076620b2e09985cea4f4

SHA1
cdd138d51749690cdb9cedcd3c3ade4f159d3162

SHA256
9f56c4d854092ef64060852f29242a02d6df8941fc6ce1564ddeab83ea1b62d1

SHA512
8a2d3b9ae960f4e3b7aedd52f13e0d7d606790c92f1205877cbe8a7cfe2db1744033bbf2f6370d202a44cbda5d209a0d8f3428893b803449ed53228684c024f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe

Filesize
468KB

MD5
209f401a1fbfc6a5d68b6853ccc3fae5

SHA1
75ea78a2c35e4254d51c2f70b99a0bb27a5a2cd8

SHA256
48de20e90d5b68f3590bcbb331ff78f22d2be8144755ba18adba67d5308fb44e

SHA512
34fec46fc542a0f4188c0d27e3f9c949aa1d34d80373466b8cff768f669e09afa19a4f9ab3740ae48fd3dfa0b57660a0b461915611b777d68360dde2418a4a2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe

Filesize
468KB

MD5
a209f12af56973c433a5e6f8beed7d69

SHA1
61bdcd0863877201b908d516f62c159acf6935ec

SHA256
b9608a6fdb0db910e9ba1f284d178fc74f3f49d0ea96f7f71a0cfd61bd8afddc

SHA512
79664cc9165e46606e6a9f6d99e3a720cea7eb55217b81b2db564744cfb6e1a6536295c3e5aae210d652df3300671d6b65706be377218169142501be2b76605d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe

Filesize
468KB

MD5
ef45cf46a6bc8dc2a2063521d4683d06

SHA1
06a58659a21ee17664c23ebeb39b67763b9a7ed7

SHA256
a5c609cc5d5db3f1454afe049f19cde377816fb4baed6f9220762bfc868c7c93

SHA512
bb326b117bd375467aa9782024e4748338156fbd84e6ad4475a318dd446c4e0cd4c3e8b599282b5bef9f515d9813b354b27d4d5a99ed8a24f5c40f2c9c362daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe

Filesize
468KB

MD5
e39988a169f1745a0955f0d53e674527

SHA1
55342bad205de13ea401e63baebf4bc1225f1461

SHA256
787b5f9db78c00f52d8ef74c21cd109aaa3f7404ec505d7aac39e46c85aa5dd9

SHA512
62ddefb0c8452b751602360f5fc99331cedabf2ba959b33e58a409dce4b75c49ff9870288b4a511a10c8cbe93abd52ba869a14820141a3655dc87b4398711a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe

Filesize
468KB

MD5
262f19f9621447f884a712bbe91cb921

SHA1
643ad6928308c75eedb04bbf449b8d3d1e0eb181

SHA256
9696b54e1752453d98779f4e26c5473a87cd0d47d3ac5fe2555681cdc0c1253b

SHA512
99ee2600e80ddd85e8bb0dedcdf91658fb2a0c283ea984774ec88e80bc23e5059804fcda759e99794d2bfb9e14283656ca6a14b24b8e610d70caf8617e756722

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe

Filesize
468KB

MD5
3252433b2f626565696325a353553e88

SHA1
239c37e5e2da91590c02ecc5af0190411e9ffd28

SHA256
909df159f571c689cb3d04da0cfd88ffca4d8dfc78bbdfe1bc3a5a3180d5686c

SHA512
c7d39c5ac5707b48f5f523a09e2a66f6b6e84397c7490223fa4588d0d64c151036b1870b0dd13eb51bf6cad19a29444450bae568df983a016dbc8600e5c8cbd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe

Filesize
468KB

MD5
c242ff0ff53e2ac11ac34eb4de3d14fb

SHA1
335e9c65015a3122d0a65a1219d1f15782f6953e

SHA256
4cc5b990d08698923c7e9540e7e9c8328b0109112d2cdf05c9b0a375f6ba1062

SHA512
3d65b3e46f10426a2bae5c7bbdc6cf595679678143fab37b6c6e3e51ee8ad6a5b7f45790134da5fc3d3ba9f472c100427d9971f4668630858fc7af749d97c880

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe

Filesize
468KB

MD5
7eb5e90b47615ab704fe1ea551481546

SHA1
386ccd6de490ce5618f4ca03637ba3964116dc2d

SHA256
a1ef9dcd655b78a102810262973fbc33f27b24ec6a2475cb074cbf56167e03a7

SHA512
1cf800b351c8d0833fd86f01e87dc7e0a27b8e0555012958783f3524bdea040f204bcb09f092b5f3324d4505be2dceb6dd882dedc9b869f87f38ab9c15e85022

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe

Filesize
468KB

MD5
6c9445bfde58d706f9af21eb4c60416b

SHA1
8a930b96f4341b81a9dafb43c03643bb202668b9

SHA256
cd0152f252ef72fd45bbb13b95e7d4de55505d34bab2e2e3cd5fbf8175f6450f

SHA512
6dacbb4d475cb06d913ab8f63ca9a0d239315d70dcd441292e551bf85f595da9df516c32e3b8b19b16e5a76439d59c8b14a40ea35578ae4e97f58161e2e5200d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe

Filesize
468KB

MD5
43b42e8a8d67b0e013998732676080a1

SHA1
e9d7b078755608d8e195618eed8f7301bf9a6795

SHA256
0c9c0651a0ef4100b4ea302513136ebb69b2548c2a9f5202126717351f73f337

SHA512
144ef5e5e9082be2d7bb6d11e550669e71893a62e285813cf8b483066768cf119a024d189c4420e6e168563b2da917a25274b50c08be8858638c6bf2be7855ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe

Filesize
468KB

MD5
9eee5f7bee204f28ca65588ec4d2b767

SHA1
7b003513a79af33835f88748077772f727699e61

SHA256
90215d72746d3478101532e933f72626d904eb8ceb8c59690fd1dda96a3f6658

SHA512
13ce81864b7e04fc12350ef120d2f7315abca3726a3b9f837c0d116e4edec7dc800cd8c4ba030fe7584474448c3bda57bafd1f68f5536ab046b09fe85754182f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe

Filesize
468KB

MD5
74010ec4c1ccd1144ba3678e41c194c1

SHA1
7757b6887243609b9726eea6af392a060d7ff005

SHA256
3426b63e678f762cc2b1380139e059f37c42072e979249d682c95dc18dfa7827

SHA512
dff384729e696318f607e00089d1f637e62308c11e210713fc16f907b7c8311a3bfb930ab250763ead9dbce8bbe43e83da48f2af957cd8f27a1e01295599e83c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe

Filesize
468KB

MD5
3224fa46e72a46d5157a791e9642cb3a

SHA1
f6373d278d4e90c5b4da2de48b9a79cfab106cea

SHA256
d3de5a22cee48534186dd57d569e30b68bdaf2ac0c2017d4db594d7dba38d7d9

SHA512
48800ad4b95a04be274d78abc48ba7177bc1a379b3c236d223403f29b8e22dc7e2f62f34d4e0458acbabf88653036ad3f2b41f3268330618a1d0f961f92cc1a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe

Filesize
468KB

MD5
0e2d397838e4cbcf7cc196d460d8f115

SHA1
252f3ad2d0afb5187f60995057da9187217f5bc8

SHA256
d3d2908f26aeb2215b58fb708f7bac237e65236603456623790f12d93c73138c

SHA512
fa400b59ea140ac3ea89420daeee10a0f2399ff3b66e9cf648d043c3d10b154a5531a373e1497f4e92853706100562690dec0af97c51aa6ef7dd629181baa2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe

Filesize
468KB

MD5
88008a674190068c39e42ab3231cf8ee

SHA1
355cb8c3982a5f9c227f1fc67157705e637a4694

SHA256
b8d9bf15afca416ddab4dcccaeb79421ef0252ed1d089e075528afaab6ba3cdc

SHA512
710bc7ab710e9070c756252d01861113afe2f1f17e1b946da55ef4a8c7c7e9ebf30e949b2ab3959c7d1f3a50ebccdaf7e4dd68aadbe0206d35f9981f09895bd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe

Filesize
468KB

MD5
fabe11770b0e183ac00d74bab2cef9d4

SHA1
7bef8c146f785335c591a667cefd1e1cc56e0354

SHA256
a23cdff604291c74382e42dff4d79a473fbf980f99ef0f5c4d788dbddeb9cce9

SHA512
9be7386bb1f2566a6154b33e9f9ef7a67d4d582e18cb11124989413b717147dacdaa585465ed29bd1d0652845d5960d9a3e6421b87fc7c4c8eb5a9d92dd72eae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe

Filesize
468KB

MD5
040566392df308b8bab67b3194ec04d6

SHA1
9e5b0da8ec3d258a04176fc2444a0404c408e3bf

SHA256
788c51b4e82a1e9893d43c4e3f2d6d598d1380110fc9f6fde7a4f7217385a0a3

SHA512
7c757693636962f6a2d1ee23a42290ffc160e448fccae037284c863802cf4687d0e15e1cab7225487d47976f4c002bc656b8b2f9a5e512d8aa7af68586f470a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe

Filesize
468KB

MD5
09891bb399c7ac072d3e5265c20fbcc0

SHA1
78f6875b3db78632b74cfe6f0ecc3765a68871bd

SHA256
bbf75725a794ceae2cdbfdc22a49023165ee63a0e22a585777094be2bb3457b3

SHA512
455d4e25292ab834e8d0ce3dd0e014515645ab667e4a3098e509167a8f1eadadbb36de7bc22c3fdddb1ef9253f07fc03a8a4ed55848ec50329b85da05022031c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe

Filesize
468KB

MD5
53f5b37a02412bd6e1599a02fe161e53

SHA1
b0575c4dad41b1e2636a7573419b77b342364fe7

SHA256
dc282c67a2e2a10d697d2a6af19e1c32407b7a90ca8e5201a9ff1f3c2de5fe9d

SHA512
720fdb855d491ad10b233cdc6a3536fa399de54f28e354a156e96e723f547ceb42d874a6a47e812929cd0a60c6fd4f78e0eb6d5cdda8af5ff05831abefb5aca1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads