ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4

Analysis

max time kernel
120s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 09:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe
Size

468KB
MD5

67f66c84d4309e072e33d0489ec67270
SHA1

6ba7b1cf0705aa9252c66df2485ffcb9660b3598
SHA256

ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4
SHA512

b84dd7bf9e8a4a95663451736db9a3f6b1d64e4d6b365ebdb4ae7d9e632ab8b9adeb53ccefc4c37c0f81f1b79207228067b30fdd84941385d32680694538ea16
SSDEEP

3072:7+mnogBCj28U2by9P73/qf8/oDtjyIplPmHBZTDfG6U+BTSNrvlR:7+WoFXU2kPr/qfw0slG6jBSNr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1540	Unicorn-9755.exe
3016	Unicorn-36528.exe
5020	Unicorn-12578.exe
1056	Unicorn-38640.exe
5076	Unicorn-40678.exe
3764	Unicorn-35110.exe
3612	Unicorn-54976.exe
4840	Unicorn-13471.exe
220	Unicorn-19593.exe
3840	Unicorn-5858.exe
4360	Unicorn-29808.exe
4992	Unicorn-5858.exe
2648	Unicorn-33627.exe
4832	Unicorn-33892.exe
2540	Unicorn-61447.exe
3624	Unicorn-61852.exe
1968	Unicorn-62407.exe
940	Unicorn-4291.exe
4692	Unicorn-16544.exe
2812	Unicorn-20362.exe
4796	Unicorn-762.exe
2788	Unicorn-32880.exe
2016	Unicorn-41048.exe
1984	Unicorn-43086.exe
3636	Unicorn-29350.exe
3360	Unicorn-40286.exe
4420	Unicorn-49216.exe
2400	Unicorn-47170.exe
1900	Unicorn-50752.exe
4800	Unicorn-48706.exe
3232	Unicorn-39424.exe
4524	Unicorn-27726.exe
2988	Unicorn-63928.exe
3404	Unicorn-57798.exe
3028	Unicorn-64483.exe
948	Unicorn-55568.exe
2152	Unicorn-2646.exe
544	Unicorn-7135.exe
208	Unicorn-23472.exe
4492	Unicorn-7690.exe
4740	Unicorn-27556.exe
3672	Unicorn-43892.exe
4644	Unicorn-43892.exe
5012	Unicorn-45930.exe
2296	Unicorn-60228.exe
2468	Unicorn-51298.exe
2224	Unicorn-43892.exe
3504	Unicorn-8981.exe
1508	Unicorn-23280.exe
4860	Unicorn-18930.exe
2020	Unicorn-31448.exe
5052	Unicorn-11582.exe
2796	Unicorn-27364.exe
4828	Unicorn-19750.exe
3204	Unicorn-60783.exe
1592	Unicorn-22318.exe
4100	Unicorn-47519.exe
3264	Unicorn-40576.exe
2272	Unicorn-24794.exe
3792	Unicorn-44660.exe
4264	Unicorn-60731.exe
1780	Unicorn-49512.exe
316	Unicorn-2349.exe
1600	Unicorn-16648.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
9212	14320	WerFault.exe	710

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11359.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6888	dwm.exe
Token: SeChangeNotifyPrivilege	6888	dwm.exe
Token: 33	6888	dwm.exe
Token: SeIncBasePriorityPrivilege	6888	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe
1540	Unicorn-9755.exe
3016	Unicorn-36528.exe
5020	Unicorn-12578.exe
1056	Unicorn-38640.exe
3612	Unicorn-54976.exe
3764	Unicorn-35110.exe
5076	Unicorn-40678.exe
4840	Unicorn-13471.exe
220	Unicorn-19593.exe
4832	Unicorn-33892.exe
2648	Unicorn-33627.exe
3840	Unicorn-5858.exe
4360	Unicorn-29808.exe
4992	Unicorn-5858.exe
2540	Unicorn-61447.exe
3624	Unicorn-61852.exe
1968	Unicorn-62407.exe
4692	Unicorn-16544.exe
940	Unicorn-4291.exe
2812	Unicorn-20362.exe
1984	Unicorn-43086.exe
4420	Unicorn-49216.exe
2788	Unicorn-32880.exe
3636	Unicorn-29350.exe
4796	Unicorn-762.exe
2016	Unicorn-41048.exe
2400	Unicorn-47170.exe
3360	Unicorn-40286.exe
1900	Unicorn-50752.exe
4800	Unicorn-48706.exe
4524	Unicorn-27726.exe
3232	Unicorn-39424.exe
2988	Unicorn-63928.exe
3404	Unicorn-57798.exe
3028	Unicorn-64483.exe
948	Unicorn-55568.exe
2152	Unicorn-2646.exe
544	Unicorn-7135.exe
208	Unicorn-23472.exe
4492	Unicorn-7690.exe
4740	Unicorn-27556.exe
4644	Unicorn-43892.exe
5012	Unicorn-45930.exe
2468	Unicorn-51298.exe
2296	Unicorn-60228.exe
3672	Unicorn-43892.exe
1592	Unicorn-22318.exe
2020	Unicorn-31448.exe
4100	Unicorn-47519.exe
2224	Unicorn-43892.exe
3504	Unicorn-8981.exe
4860	Unicorn-18930.exe
5052	Unicorn-11582.exe
1508	Unicorn-23280.exe
4828	Unicorn-19750.exe
2796	Unicorn-27364.exe
3204	Unicorn-60783.exe
3792	Unicorn-44660.exe
3264	Unicorn-40576.exe
4264	Unicorn-60731.exe
2272	Unicorn-24794.exe
1780	Unicorn-49512.exe
316	Unicorn-2349.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 1540	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	86
PID 468 wrote to memory of 1540	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	86
PID 468 wrote to memory of 1540	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	86
PID 1540 wrote to memory of 3016	1540	Unicorn-9755.exe	87
PID 1540 wrote to memory of 3016	1540	Unicorn-9755.exe	87
PID 1540 wrote to memory of 3016	1540	Unicorn-9755.exe	87
PID 468 wrote to memory of 5020	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	88
PID 468 wrote to memory of 5020	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	88
PID 468 wrote to memory of 5020	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	88
PID 5020 wrote to memory of 1056	5020	Unicorn-12578.exe	89
PID 5020 wrote to memory of 1056	5020	Unicorn-12578.exe	89
PID 5020 wrote to memory of 1056	5020	Unicorn-12578.exe	89
PID 468 wrote to memory of 5076	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	90
PID 468 wrote to memory of 5076	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	90
PID 468 wrote to memory of 5076	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	90
PID 1540 wrote to memory of 3764	1540	Unicorn-9755.exe	91
PID 1540 wrote to memory of 3764	1540	Unicorn-9755.exe	91
PID 1540 wrote to memory of 3764	1540	Unicorn-9755.exe	91
PID 3016 wrote to memory of 3612	3016	Unicorn-36528.exe	92
PID 3016 wrote to memory of 3612	3016	Unicorn-36528.exe	92
PID 3016 wrote to memory of 3612	3016	Unicorn-36528.exe	92
PID 3764 wrote to memory of 4840	3764	Unicorn-35110.exe	93
PID 3764 wrote to memory of 4840	3764	Unicorn-35110.exe	93
PID 3764 wrote to memory of 4840	3764	Unicorn-35110.exe	93
PID 1056 wrote to memory of 4360	1056	Unicorn-38640.exe	94
PID 1056 wrote to memory of 4360	1056	Unicorn-38640.exe	94
PID 1056 wrote to memory of 4360	1056	Unicorn-38640.exe	94
PID 1540 wrote to memory of 220	1540	Unicorn-9755.exe	95
PID 1540 wrote to memory of 220	1540	Unicorn-9755.exe	95
PID 1540 wrote to memory of 220	1540	Unicorn-9755.exe	95
PID 3016 wrote to memory of 4992	3016	Unicorn-36528.exe	96
PID 3016 wrote to memory of 4992	3016	Unicorn-36528.exe	96
PID 3016 wrote to memory of 4992	3016	Unicorn-36528.exe	96
PID 5020 wrote to memory of 3840	5020	Unicorn-12578.exe	97
PID 5020 wrote to memory of 3840	5020	Unicorn-12578.exe	97
PID 5020 wrote to memory of 3840	5020	Unicorn-12578.exe	97
PID 468 wrote to memory of 2648	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	98
PID 468 wrote to memory of 2648	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	98
PID 468 wrote to memory of 2648	468	ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe	98
PID 5076 wrote to memory of 4832	5076	Unicorn-40678.exe	99
PID 5076 wrote to memory of 4832	5076	Unicorn-40678.exe	99
PID 5076 wrote to memory of 4832	5076	Unicorn-40678.exe	99
PID 3612 wrote to memory of 2540	3612	Unicorn-54976.exe	100
PID 3612 wrote to memory of 2540	3612	Unicorn-54976.exe	100
PID 3612 wrote to memory of 2540	3612	Unicorn-54976.exe	100
PID 4840 wrote to memory of 3624	4840	Unicorn-13471.exe	101
PID 4840 wrote to memory of 3624	4840	Unicorn-13471.exe	101
PID 4840 wrote to memory of 3624	4840	Unicorn-13471.exe	101
PID 3764 wrote to memory of 1968	3764	Unicorn-35110.exe	102
PID 3764 wrote to memory of 1968	3764	Unicorn-35110.exe	102
PID 3764 wrote to memory of 1968	3764	Unicorn-35110.exe	102
PID 4360 wrote to memory of 940	4360	Unicorn-29808.exe	103
PID 4360 wrote to memory of 940	4360	Unicorn-29808.exe	103
PID 4360 wrote to memory of 940	4360	Unicorn-29808.exe	103
PID 220 wrote to memory of 4692	220	Unicorn-19593.exe	104
PID 220 wrote to memory of 4692	220	Unicorn-19593.exe	104
PID 220 wrote to memory of 4692	220	Unicorn-19593.exe	104
PID 1056 wrote to memory of 4796	1056	Unicorn-38640.exe	106
PID 1056 wrote to memory of 4796	1056	Unicorn-38640.exe	106
PID 1056 wrote to memory of 4796	1056	Unicorn-38640.exe	106
PID 1540 wrote to memory of 2812	1540	Unicorn-9755.exe	105
PID 1540 wrote to memory of 2812	1540	Unicorn-9755.exe	105
PID 1540 wrote to memory of 2812	1540	Unicorn-9755.exe	105
PID 4832 wrote to memory of 2788	4832	Unicorn-33892.exe	107

C:\Users\Admin\AppData\Local\Temp\ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe
"C:\Users\Admin\AppData\Local\Temp\ed31fc2a316131449920560d7f3a940fd97f7870ceb6b0a324ccd9ab3edc78f4N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        9⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        10⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
        11⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        10⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        9⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        9⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        8⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17414.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        8⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
        8⤵
        
        PID:18360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        9⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        9⤵
        
        PID:16960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
        8⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        8⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27066.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28169.exe
        7⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        9⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        8⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        8⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        7⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        8⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        7⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        6⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        7⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46519.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60565.exe
        6⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
        8⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        7⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        8⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        8⤵
        
        PID:15744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        7⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        7⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        6⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        8⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
        7⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        7⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        6⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        7⤵
        
        PID:19924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19149.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55213.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        6⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
        5⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        6⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49454.exe
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        8⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30917.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
        9⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        8⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
        8⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        8⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        8⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        7⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25574.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        7⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        7⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        6⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49785.exe
        7⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        7⤵
        
        PID:17584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31897.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        8⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        8⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        7⤵
        
        PID:17732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        6⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        6⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
        8⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        7⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        6⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        6⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9974.exe
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        5⤵
        
        PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        6⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24793.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        9⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
        8⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        8⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64600.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        8⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        7⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        8⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        8⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        7⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        6⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
        5⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
        7⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        7⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-319.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        6⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        5⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        6⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        5⤵
        
        PID:17776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        6⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        7⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        6⤵
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51948.exe
        6⤵
        
        PID:20112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        5⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        6⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
        5⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        5⤵
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        6⤵
        
        PID:20192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
      4⤵
      PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
      4⤵
      PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
      4⤵
      PID:6456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        7⤵
        Executes dropped EXE
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        8⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        10⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        10⤵
        
        PID:20204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        9⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        9⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        8⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        9⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        8⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe
        9⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        9⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        8⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58609.exe
        8⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
        8⤵
        
        PID:17556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        7⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe
        8⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49785.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        9⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        8⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24858.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
        7⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        7⤵
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        6⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        8⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        7⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
        7⤵
        
        PID:17792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        6⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        8⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        9⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        10⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        9⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        9⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        8⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        9⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        8⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        9⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        8⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        8⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
        8⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        8⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        7⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        6⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
        6⤵
        
        PID:11340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        8⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        7⤵
        
        PID:20344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        6⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        7⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        5⤵
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        6⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        5⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        8⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        8⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
        6⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        7⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        7⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
        6⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        8⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        7⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35275.exe
        6⤵
        
        PID:16204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        7⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        5⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        6⤵
        
        PID:13612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        5⤵
        
        PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
        7⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        7⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        6⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        6⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        7⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        5⤵
        
        PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
      4⤵
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        6⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        5⤵
        
        PID:17692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
      4⤵
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        6⤵
        
        PID:14196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        6⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        5⤵
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
      4⤵
      PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
      4⤵
      PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
      4⤵
      PID:4476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        6⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        8⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        8⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        7⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        7⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        6⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        6⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        7⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        7⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41335.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19557.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        7⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        5⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        6⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        5⤵
        
        PID:656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        6⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
        7⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        6⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        5⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        7⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41735.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        6⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7664.exe
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7777.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        6⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        8⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        7⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        6⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        5⤵
        
        PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
        5⤵
        
        PID:17640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
      4⤵
      PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        5⤵
        
        PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
      4⤵
      PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
      4⤵
      PID:15720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        5⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        6⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        8⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        7⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
        7⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        7⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
        6⤵
        
        PID:18844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        6⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        5⤵
        
        PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
      4⤵
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55213.exe
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        7⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33567.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55804.exe
        5⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        5⤵
        
        PID:17352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40495.exe
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        5⤵
        
        PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
      4⤵
      PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        5⤵
        
        PID:16828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
      4⤵
      PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
      4⤵
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1912.exe
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        6⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42031.exe
        5⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        5⤵
        
        PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
      4⤵
      PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
        5⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
        5⤵
        
        PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
      4⤵
      PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
    3⤵
    PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
      4⤵
      PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
      4⤵
      PID:10836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
      4⤵
      PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62661.exe
    3⤵
    PID:8616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
    3⤵
    PID:11632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
    3⤵
    PID:6368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        9⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        10⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
        9⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        9⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        9⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
        8⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        8⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        8⤵
        
        PID:20124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        8⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        8⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        8⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        7⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        8⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        8⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        7⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        7⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
        6⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        6⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        7⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        7⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51720.exe
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        6⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
        6⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        5⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        7⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        7⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9639.exe
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
        6⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        5⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        5⤵
        
        PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        6⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62649.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        9⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
        9⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
        9⤵
        
        PID:19356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        8⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
        7⤵
        
        PID:16160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        7⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        7⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
        6⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        5⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        6⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36521.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        8⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        7⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        7⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        6⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
        7⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        7⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        5⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        5⤵
        
        PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        5⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31897.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12431.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
        6⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        7⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        6⤵
        
        PID:13504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        6⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        6⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        7⤵
        
        PID:17880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        6⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20382.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        5⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        5⤵
        
        PID:15480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44208.exe
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        5⤵
        
        PID:15624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
      4⤵
      PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
      4⤵
      PID:16380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        7⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        8⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        9⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        9⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        8⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        8⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        8⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        7⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        7⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        8⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        7⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1352.exe
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        7⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        7⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        5⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
        6⤵
        
        PID:17600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        5⤵
        
        PID:19348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31588.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        7⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        6⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        6⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        5⤵
        
        PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
      4⤵
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        5⤵
        
        PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
      4⤵
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        5⤵
        
        PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
      4⤵
      PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
      4⤵
      PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
        5⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28685.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        7⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41077.exe
        6⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        7⤵
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8347.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
        6⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41540.exe
        5⤵
        
        PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
      4⤵
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        5⤵
        
        PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35383.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
      4⤵
      PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
      4⤵
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        6⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22082.exe
        5⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
        5⤵
        
        PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        5⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        5⤵
        
        PID:16752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38071.exe
      4⤵
      PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
      4⤵
      PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
      4⤵
      PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
      4⤵
      PID:17700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
    3⤵
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
      4⤵
      PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
      4⤵
      PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
      4⤵
      PID:15924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
    3⤵
    PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49454.exe
    3⤵
    PID:12764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
    3⤵
    PID:6504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        6⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        8⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        9⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        8⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        8⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        8⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        7⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
        7⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        7⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
        6⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
        7⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59541.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        7⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43648.exe
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        7⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47335.exe
        6⤵
        
        PID:16864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7267.exe
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
      4⤵
      PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
      4⤵
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
      4⤵
      PID:16876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55856.exe
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        7⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        6⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
        5⤵
        
        PID:15672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
      4⤵
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        7⤵
        
        PID:14320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14320 -s 460
        8⤵
        Program crash
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        7⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-179.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        6⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
        5⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8220.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
        5⤵
        
        PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        6⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
      4⤵
      PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        5⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44329.exe
        5⤵
        
        PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
      4⤵
      PID:11288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
      4⤵
      PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8981.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
      4⤵
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        6⤵
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
        5⤵
        
        PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
      4⤵
      PID:8424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
      4⤵
      PID:11356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
      4⤵
      PID:15376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
        5⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
        6⤵
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        5⤵
        
        PID:17512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
      4⤵
      PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        5⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        5⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
        5⤵
        
        PID:20356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
      4⤵
      PID:12304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
      4⤵
      PID:13488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
      4⤵
      PID:16472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
    3⤵
    PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
      4⤵
      PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
        5⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        5⤵
        
        PID:16116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39667.exe
      4⤵
      PID:10772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
      4⤵
      PID:17740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
    3⤵
    PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
      4⤵
      PID:5648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
    3⤵
    PID:13576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
    3⤵
    PID:13480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
    3⤵
    PID:16356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
      4⤵
      PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        7⤵
        
        PID:17848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19535.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        6⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        5⤵
        
        PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        6⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        5⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        5⤵
        
        PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
      4⤵
      PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
      4⤵
      PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
    3⤵
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        5⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        5⤵
        
        PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
      4⤵
      PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
      4⤵
      PID:7412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
    3⤵
    PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
      4⤵
      PID:16912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
    3⤵
    PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
      4⤵
      PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
    3⤵
    PID:12660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
    3⤵
    PID:17804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
      4⤵
      PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        7⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        6⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        5⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        5⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        6⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
        5⤵
        
        PID:15808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
      4⤵
      PID:9980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
      4⤵
      PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
      4⤵
      PID:15764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
    3⤵
    PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41735.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
      4⤵
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
      4⤵
      PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
    3⤵
    PID:9432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
    3⤵
    PID:13652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
    3⤵
    PID:15524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22318.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22318.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
    3⤵
    PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
      4⤵
      PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
      4⤵
      PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
      4⤵
      PID:16540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
    3⤵
    PID:8972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
    3⤵
    PID:12312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
    3⤵
    PID:15456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
  2⤵
  PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
    3⤵
    PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
      4⤵
      PID:9904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
      4⤵
      PID:13884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
      4⤵
      PID:16284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
    3⤵
    PID:13456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
    3⤵
    PID:15532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59541.exe
    3⤵
    PID:11860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
    3⤵
    PID:16192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
  2⤵
  PID:12236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
  2⤵
  PID:16404

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:13472

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe

Filesize
468KB

MD5
6c51b6873307137924d193048e59b17e

SHA1
b8485ec99197ce82d25474a2a412abe729cf520f

SHA256
06d754a1be25724fa6dc3b1fe64a272aba77a4a87f7071b01c0115f1a9092c69

SHA512
3830e91a12a92f083cd6bf4196daa5d1dc841b716bf4d86b4a1d0fc30aa788e71bb55803f0ebb4f1c0e994a423c608399cfa1054dbe40392c694c5b59c2aa0ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe

Filesize
468KB

MD5
387ccddd70c72038b403701fd6ed0dce

SHA1
128094f2c526aec5c55f5c91d6748f1691779977

SHA256
e0ea841c3805d4daecdcd70e945121570c3615bb43a7301bf3284c4c945cbe5d

SHA512
b10c1235709c61bc77fcae8fd7775149e35110bb91b385cc8f07172d53df1d9ccc0ef49266ea1f1cc7244b8afb9b3ec6e5d50dbeaefa0326b543204b08883d9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe

Filesize
468KB

MD5
7d1f9e4eeae32b7095ef31bbc71692b1

SHA1
d434045c5cd7dff6bbf583bae23a9ed50f28d2a6

SHA256
549118ea80bf73aaa69ec36699fa15117f63eeff621eb73acad1cfd673acdfd9

SHA512
20df08451af1cffc8f52102ea339242267c61b89d0e8018ecd6d470cfca747a6954578b7c33b578d592a0bebf25f4a4163afa0a25991de2d89a269262633a820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe

Filesize
468KB

MD5
0dae94a0d9174174185d8bc3133a5c71

SHA1
bdd3e4b3335fcbbb104ac5cf0e0e0bc428f03731

SHA256
0da6d3e276b706d667eeaba5597445c5adf138b19b0b9875aaecde9c5d442fe5

SHA512
bc23ad3db899aa6e19f0f9a2eeea94595365fe837a873f980e9cbe66513ac3e328910f9de3d38d5679eebaf53aab3617eb64c1950bba2c7f14ee4e70cb20a79b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe

Filesize
468KB

MD5
422ae75c6c7edb5694a60bad345af8fa

SHA1
c569879f79bd4e51a9ab532e7eca4a559073ded9

SHA256
fbd308ed70dd8ba0ba97500c77ea1f5e30da343c6dbf8861d8bdac44b5f02191

SHA512
dc3e5c7d4dedb617a00154879a81ea9e18856d836f4d650577c8ea6aa554b8d54cfa1d68f3960a3ccb2df15ffa87472ff0e699f4afcf77b34a49f98b16df932b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe

Filesize
468KB

MD5
4a6b453a10f78c72f19905a5a3300294

SHA1
178faaf98f1b4eadb1e209a0bd4c1d55ba7d9d0e

SHA256
65b83fef0898eb7ec7b167d13b04f7afcbe3c261c6684a5ffb87fd9da6b4b066

SHA512
526997908d83f149ff8a2a31a6789954bb318d0bdc52b3eb73adbf2fc89fc912123eb333e4f062beacfdad979d10ffb2d88b9744bcd5319675779c9cac7ff363

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe

Filesize
468KB

MD5
3978ab23c0689cd7feec64f0ff42650a

SHA1
640deafe2439db3f5f7301255cc555979651dacf

SHA256
beb3db697aef1935ec8b92eb41fbd9a21c93edc3eb32ef7cd4b2f611f7b75277

SHA512
c546ff67b6dfabe2e0a82f56c2f1eaf6d51916a38c8636f5989764a061f23f5f173f02d243f896da13d81df844ee936612004dceab2b7afc175b91d6975240ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe

Filesize
468KB

MD5
624e0026dacfb729738810c00e702b28

SHA1
f307c966343ef412ab9b7914d5949bbf852ab889

SHA256
2e4ba505a3a98199a0db1e7ceb8962d6ec385663d2173ea344170487b75ce1ea

SHA512
646cde4d82ff5e5b1ca1a0be56a127cbeb58320bfcde84e94321f32a3a08ec3a8df2a700230365b1b73f5dffe0dd82fcdf33e32200acd3a8053646ce6da9c4e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe

Filesize
468KB

MD5
d8fb364508278de788852978b56b661f

SHA1
8e4b58b5b17173a5c48799c3bbf64bf32a05ee26

SHA256
e3742133bf45f4c022373814c33768e2b7d73ed7bca5875d45def67e8d8143c0

SHA512
fd642ba0cabdafa3e97ce586c579e1f3aaffe5c0fbdc2e2113523d86416bc6e42864d8cc7ca83492c4c63e07ae9251bbf13711a8a03fa0b16928406bfbba0e7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe

Filesize
468KB

MD5
200241f5e8a63b0588199ac0d714f096

SHA1
59e47087b76e2c4f7a423eed86dc52a2e019e623

SHA256
7e5fd2438f5589cb60e69e956a19432d11f3d940dbd635e8b2c675d8765eb922

SHA512
aaaac5b9a79085c12bcf38d1964b2898068943e2195167cc2669b7a3b662cc84eedfc0e1550ef622c1c9f8fad6e8c6cdf07a87f6cd43c363c17a3dec0fb715ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe

Filesize
468KB

MD5
dc3e4a4d1f67d208e83ebc26df3f9e76

SHA1
0a1b0aa0c7661e3299c20aa2900dba38b3efe634

SHA256
7d168643bc1bf00f92aefa6bee54b7b27959fe92c4d8fff6568d3561909a3507

SHA512
cf812640db953a039eaa83efc616ea03f5dae1e5b9b374c5b947de68db4a75adc50c7d260f580e34813eeb1f599f134243ef94a4855f8b226189c44891b6376e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe

Filesize
468KB

MD5
dec065c2c37bf629a0f9e3c1ce29a667

SHA1
6a9c812713b3d63868c9cb5a97a3228e3b1cb9f4

SHA256
7334e2be20f857cfcb24588119920699d016e3bca35d20b59c6a87a04f6887ca

SHA512
9b3f9f5bec81165f67592327ec255adcda8e1229714a9d5109c449c1edd2f251f96d76fd96dd77e3ddba8cf279875a24c112ba927e529a333125197a9a073dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe

Filesize
468KB

MD5
88729844849409545229ddbd421e0d33

SHA1
0836d2b86f0a6c3f234ade90a62336b1eab5bb24

SHA256
fa45d1a31b118edc638e6ab9ee437b9d1e666ed9002903383f822d39b1931082

SHA512
e5f950d0be4d83f472bbc7f5316e5149fee783668c1e11c481f96e77724c2e21303ca83662a958f156505336d1e80f5ea3ce41517744b02906b302508df4d050

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe

Filesize
468KB

MD5
59b0f83f5fbd8e740abb79cfc2cf3d54

SHA1
00d9e5e1946022e336b354468685e50f29f422f1

SHA256
cf748360b78bbffe625a604d42f0b5ce6d5535e90eab4d7c53eda47f0434221d

SHA512
66777cbf5ca9fc34925d72099eadcb85245d805dc0ed0ec01906420406d9ae5a58adca6cfb655a095fd95f7ed7b96b70246050e4344bc8553d416b8710889f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe

Filesize
468KB

MD5
5c616c16edcfae8cfcefca15c2b75419

SHA1
c07d9d62e2b9ca5cd51e32c3da595a2febce7ecd

SHA256
dcd42f2922efeea90dd959dae2c91dc5c9db8a02b5cb7c3f841691040cbeaaf6

SHA512
02ef79e72e49799e8beb45e6763994701c3c27ed89802392d0ab5c9101df024a8be98eb51f5c4127c13a9cd5d8ad285eaee85a6675f74806c30ffa98b905e376

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe

Filesize
468KB

MD5
4e0f35d6e22be870b10cf23cf975d862

SHA1
2d674b0c1c44a5c87503eb7b3ea2352b6cae3cf9

SHA256
b506bcc718087aebfba7a2bac574927c320e55e3c653a34f7c19c29f9e5686a0

SHA512
f9e531582c2d684ad509baf693e9e7666e2d0dc708f3f593cf655504bdc1624761a7a6f9874ef66fdc70dca26846c0a4e8771cc187f2e2e1b38e62e27ba0ab98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe

Filesize
468KB

MD5
6b7fd17f70032b7231b31a8117bbea82

SHA1
64509b8999c30ac529aacf61c51f24e00638ed80

SHA256
df4d04b1f1844ea1cb656afdfde2410d7c40f5187a981fd89d0084333306f35f

SHA512
852769f47459661660edde53a619f90c38558726a98a50999a1687c3cdfaea85a1226464957ccda17566e1387bb23ab5fba99249dab68e63b2c2f7e4a0a045d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe

Filesize
468KB

MD5
1a8ec45ef4edc6463f262e907ae5baf2

SHA1
38f8b2cf85723d2426a8449d77418e1b9f9bd1a4

SHA256
beabce3fd94fc947acc1ee365729135c50f2b594f5f36faef7f3511c30d07727

SHA512
3e64eaa88f479d1eb5885492b3aa181b4621dce6d3a854b4ced2e1685beaacca1d7b709024d3f684e7ea0eca559f8371dbc20ce4cbd229df32489846a232aac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe

Filesize
468KB

MD5
4e5d9966c5b71c87c4976319dcebdc4f

SHA1
0b47018000da4f2b2e1cb09a28f24a23c73a9770

SHA256
16d5bc5ac330bdc35437ba3d675fc49b93ebb1281e77fb15a25fe5eaacb2cf25

SHA512
fb2dcc9b5938e4d852d5f4fbd92452e2374731aba3285b1b0d7af6ca1d38ad49aca228b4eebc2bc8d151dba96d04cc80f7e234eb6901af86ad37858478bc7e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe

Filesize
468KB

MD5
740ec9ef95d86c5fcbd7f189d5de577d

SHA1
8adf213ecd11711d7dd521adb7beab5cde06e80f

SHA256
e1559cb0d142f12089ccfd2cc652cfb113d722f63a8cb9a5575a5e6255a358d3

SHA512
c2840d2d9fb0f7253563e0b743384c7cf8b860044ac8302e27171ebc8091b6daac697a1d0bebbfeab418102276e7cdf3ee4e89a7ca18e6c24e8c40c712fed9df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe

Filesize
468KB

MD5
41f7e556f338003936a87ac39047bf53

SHA1
736415d36b5f5fecd0e2a83854a9bdc1778a5ab0

SHA256
5a74e0878b4715bb28c9b3d4be5821cd2e6efc3b09345537babc99894099f83f

SHA512
5ca22ae78252f5f9d9500a0b44241bba9b722eb694cebd67c080034e056c8f60893eddebf0f4d8165c0df391010b6fc6103b4ff6519b5389579c6443e88d7bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe

Filesize
468KB

MD5
389e193c753957445fc199d05e31011f

SHA1
e1878d1fdfe90d3d23e53286db6e171c177c2aa6

SHA256
308b6ddd7d35806fdbb98e98331d2a5180024c8335194d127e49c6f90d961000

SHA512
8ad0390f23628a5acf8fa536bcec6a96c549f9931406d676fb217e0b9299016508f574611f34970ba55820c97f638c9181aafca5eae956bec22022f8a8c16f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe

Filesize
468KB

MD5
5c3cf07bbaeb0ded7b34602e96836586

SHA1
1ca8beaf3de7f69cbc12d4915127581795f8104f

SHA256
40d91eb55e08978d6821eca807c4304578fd489b9a656f74485d5ddc30da7751

SHA512
a6f68874af511df7d1b403a00a2cd607b584d269f2048902723d670a66ff541a9065c603bf05558ed01839741fd39214fc7ed1095006d810d11a9821c62f0bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe

Filesize
468KB

MD5
094f8c043df61d6f2ae90dfa20421152

SHA1
c8f9451c964a704b6ca6c76d7ff51828053fd3f4

SHA256
8670f801b86060ba9a06b2daa96f14b1339018437fa5c7e1c44120b6711ad02f

SHA512
761c04ca781da58b1d4963e321433ecb0be8ce69bb7b2fe9a8b1fa68452b06368b05d66852d196f7e9144c90c9cceb72b1c6f330142831ed8026dc3c9f075e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe

Filesize
468KB

MD5
f3af97e6b5912b85cb3f5a5a466673cf

SHA1
352fcbc8258a242f370f8b6e76287643a8e3804e

SHA256
0cdfc655a0f233690d73069b402e563916e138dd9f0d2fdb01b8b32f7a66e3fa

SHA512
7ff7094c839e2d45fd301e18e2365a1a3c883f7ce7ef51c97c5f8d96d493713ed89219edb85c310a7fe43cac4fc21caca8e054282abb1aaa23a00a1c35ca90ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe

Filesize
468KB

MD5
cb09cebd79137df104e6939a9aaff7c4

SHA1
c478738df2683c9ae3816a6c5b71e54c1211e28b

SHA256
17fb53da4a9e69a07c544b6888897c1b8aad85f4ad8872880cedee6ef8c0eb6d

SHA512
7e9960c9daa50fe008d56d72db5ed12fdff11ddbf51434d4d678822410ebe8ae8969c061f8486f049335c8b5ce4e574190c2070c353db3381f1c6e30a5298ee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe

Filesize
468KB

MD5
a25ff0a5d6e28f76e4a909c3e19de92d

SHA1
bdcce346d698b429cf8205bdf80a6193e33eb884

SHA256
c1f295a468f409165f4670cf702c0adbde2ca892e6e06308c6b89b2b65d73775

SHA512
c7ffb9e969ce2d6b01755fc355578e731fa035d9bd6eabe190e0594256ebe65613fd9c8d195d371557e57100d9faa722cd0c66d95c82f5cf51ae4ca6f4807ca8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe

Filesize
468KB

MD5
8cf3a28dde0fccf276d8ab442c5fa652

SHA1
2a035dca3c8f8169c2787bfabd55bb6f87c455e7

SHA256
ab8f52880a87a1fe4cd1dde3bcfeea0b34ebaba149a7eaae1e721f87cce5a0f7

SHA512
030a6114081169105dd99c845a9e32abdf78ef53138e4193d1d754fc4474934c995b1e094aee86b187b821eaefec633a1be5e51f78a3babd2ea74d09356662e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe

Filesize
468KB

MD5
9d60dcc29b5c247bdfadcc90f7018931

SHA1
90822e79525bbae47b8a4d63896646015d151857

SHA256
88e10bae7f95924ed162bdec83d4346aa263d36f1639ba8daea71e4b66cd80b0

SHA512
d8987a657717817b1c1dffed7a944285ac199a7dc8062dc9c01be8da23a2e2d20029d4acbf32bf5b57c2f65a717d9cfa5f9f2dd0f6280d6df17d9add8f2a3505

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe

Filesize
468KB

MD5
c4ea4e29dc472b3232d2ce4f5fedfdfd

SHA1
5ac6f093ea32c94c6bc3e80f5b41665fec78e6ed

SHA256
16637efb9f934a2656951361cefa681210005a315c64122073529c04bd614d90

SHA512
2d3347131510c9b63868bf311c30eeb3be1ce514c4ea10907a02d3cf5ec9dd19f28becad0f1399ea63d0c6714adc5f54692d1e9fa596244a8b93c4cf43c38604

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe

Filesize
468KB

MD5
dee902952dbc2dc354c0b002905b015b

SHA1
2a2c48d52930d1d00a137dc8a6e1530255f36ab4

SHA256
ac790e2b56fb9fbc98b42fd2d83b9ec8d982c7fe5af29d09bb7fff39fa9d78ff

SHA512
b73c32a26ea9172ed78657dbf240249e987ca0741f996349f917d84577976188d1273549fa8eef92eea195a8dff1a70f9d8cb8d0df56c1415aeaba303fc018be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe

Filesize
468KB

MD5
74d3898e96e6b3ef21830a945dcb3cee

SHA1
6ff271d96a01f7387c66467381a8bd555694632c

SHA256
62d50c699bf2fca8bebd042110990eb1489b84a6148adae4a345271d3e7bd3ba

SHA512
a9a21bf34726aeef55977b44d429139bf4e8d3d0bfeb2518d9709f0a116b22364fa890170e1856175021a41d9b797ef3be5d406dc16ef2e113e7545c300fd447

Download Submit
memory/208-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/220-70-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/316-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/468-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/544-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/656-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/720-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/920-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/940-123-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/948-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1056-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1192-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1512-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1544-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1592-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1600-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1900-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1948-436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1968-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1972-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1984-3595-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1984-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-2647-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2020-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2044-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2224-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2272-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2296-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2400-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2468-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2540-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2648-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-149-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2796-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2812-147-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2988-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3032-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3148-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3160-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3204-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3232-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3264-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3352-481-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3360-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3404-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3484-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3504-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3612-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3624-109-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3624-2644-0x0000000075180000-0x0000000075208000-memory.dmp

Filesize
544KB

Download
memory/3636-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3672-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3728-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3764-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3792-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3840-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4100-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4244-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4264-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4292-463-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-551-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4360-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4408-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4504-552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4524-221-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4564-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4684-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4692-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4708-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4740-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4796-148-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4800-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4800-2843-0x00000000755D0000-0x000000007562F000-memory.dmp

Filesize
380KB

Download
memory/4828-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4832-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-57-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5012-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5020-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5028-3109-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5052-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5068-548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5128-553-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-586-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5192-587-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6092-2600-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12296-2599-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12488-3089-0x00000000758D0000-0x00000000758F5000-memory.dmp

Filesize
148KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads