cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4

Analysis

max time kernel
149s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe
Size

468KB
MD5

3eafedd64da468d24bcba8ec0b0bca74
SHA1

72d9c493727f6828bc4f4c5055b6022817e6261b
SHA256

cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4
SHA512

1ef009b9d7fd78b879ab3b9fff93a05aff4c5899bace9822143ae1a523e55388c4c885ad12996f2b5ed718cb7a1c70fe9cf192f4594b1325aa67aa331cc78388
SSDEEP

3072:KyZpog/dIf5JsrYJ/ztkcf8/EChCeI4wnmHexEheOKL88cwuZ5lJ:KybovBJs+/JkcfOdK1OK4BwuZ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3496	Unicorn-16598.exe
4764	Unicorn-65134.exe
3800	Unicorn-28932.exe
4364	Unicorn-40926.exe
920	Unicorn-54501.exe
4368	Unicorn-57838.exe
5108	Unicorn-35372.exe
3596	Unicorn-43718.exe
1064	Unicorn-65461.exe
1780	Unicorn-11621.exe
2844	Unicorn-60822.exe
4892	Unicorn-52462.exe
3736	Unicorn-16260.exe
2264	Unicorn-35861.exe
4596	Unicorn-29995.exe
4252	Unicorn-56110.exe
3924	Unicorn-34428.exe
404	Unicorn-29790.exe
4404	Unicorn-61694.exe
840	Unicorn-12493.exe
4340	Unicorn-61694.exe
2468	Unicorn-55372.exe
3700	Unicorn-61502.exe
2836	Unicorn-41636.exe
3260	Unicorn-8772.exe
2912	Unicorn-61502.exe
4032	Unicorn-12612.exe
1576	Unicorn-58549.exe
4492	Unicorn-61502.exe
5100	Unicorn-3947.exe
536	Unicorn-9509.exe
2332	Unicorn-22316.exe
1948	Unicorn-3955.exe
3880	Unicorn-10085.exe
1748	Unicorn-308.exe
2988	Unicorn-56414.exe
2348	Unicorn-43756.exe
4548	Unicorn-47286.exe
3208	Unicorn-47286.exe
4844	Unicorn-11468.exe
3244	Unicorn-47670.exe
1796	Unicorn-11276.exe
3808	Unicorn-43949.exe
4288	Unicorn-49590.exe
1852	Unicorn-16726.exe
2652	Unicorn-51436.exe
3528	Unicorn-24707.exe
3660	Unicorn-8941.exe
1088	Unicorn-21748.exe
1260	Unicorn-64389.exe
5004	Unicorn-18187.exe
3508	Unicorn-25278.exe
4172	Unicorn-25278.exe
1124	Unicorn-25278.exe
1680	Unicorn-25278.exe
4004	Unicorn-581.exe
4700	Unicorn-24053.exe
468	Unicorn-4452.exe
2344	Unicorn-46829.exe
2528	Unicorn-34022.exe
1716	Unicorn-9133.exe
3556	Unicorn-11939.exe
3928	Unicorn-18070.exe
3256	Unicorn-18070.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
6864	5344	WerFault.exe	182
9644	6356	WerFault.exe	275
12780	6476	WerFault.exe	274
1908	1516	WerFault.exe	955
8444	3544	WerFault.exe	1020

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64756.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17960	dwm.exe
Token: SeChangeNotifyPrivilege	17960	dwm.exe
Token: 33	17960	dwm.exe
Token: SeIncBasePriorityPrivilege	17960	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe
3496	Unicorn-16598.exe
4764	Unicorn-65134.exe
3800	Unicorn-28932.exe
4364	Unicorn-40926.exe
920	Unicorn-54501.exe
5108	Unicorn-35372.exe
4368	Unicorn-57838.exe
3596	Unicorn-43718.exe
2844	Unicorn-60822.exe
1064	Unicorn-65461.exe
1780	Unicorn-11621.exe
3736	Unicorn-16260.exe
4596	Unicorn-29995.exe
4892	Unicorn-52462.exe
2264	Unicorn-35861.exe
4252	Unicorn-56110.exe
3924	Unicorn-34428.exe
404	Unicorn-29790.exe
4404	Unicorn-61694.exe
2468	Unicorn-55372.exe
4340	Unicorn-61694.exe
2912	Unicorn-61502.exe
5100	Unicorn-3947.exe
3700	Unicorn-61502.exe
4492	Unicorn-61502.exe
1576	Unicorn-58549.exe
4032	Unicorn-12612.exe
2836	Unicorn-41636.exe
3260	Unicorn-8772.exe
536	Unicorn-9509.exe
2332	Unicorn-22316.exe
1948	Unicorn-3955.exe
3880	Unicorn-10085.exe
1748	Unicorn-308.exe
2988	Unicorn-56414.exe
2348	Unicorn-43756.exe
3208	Unicorn-47286.exe
4548	Unicorn-47286.exe
3264	Unicorn-39502.exe
4844	Unicorn-11468.exe
3244	Unicorn-47670.exe
1796	Unicorn-11276.exe
3808	Unicorn-43949.exe
1852	Unicorn-16726.exe
4288	Unicorn-49590.exe
2652	Unicorn-51436.exe
3528	Unicorn-24707.exe
1088	Unicorn-21748.exe
3508	Unicorn-25278.exe
1260	Unicorn-64389.exe
3660	Unicorn-8941.exe
1124	Unicorn-25278.exe
4172	Unicorn-25278.exe
5004	Unicorn-18187.exe
1680	Unicorn-25278.exe
4700	Unicorn-24053.exe
4004	Unicorn-581.exe
468	Unicorn-4452.exe
2344	Unicorn-46829.exe
2528	Unicorn-34022.exe
1716	Unicorn-9133.exe
3556	Unicorn-11939.exe
3928	Unicorn-18070.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 3496	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	89
PID 3184 wrote to memory of 3496	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	89
PID 3184 wrote to memory of 3496	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	89
PID 3496 wrote to memory of 4764	3496	Unicorn-16598.exe	92
PID 3496 wrote to memory of 4764	3496	Unicorn-16598.exe	92
PID 3496 wrote to memory of 4764	3496	Unicorn-16598.exe	92
PID 3184 wrote to memory of 3800	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	93
PID 3184 wrote to memory of 3800	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	93
PID 3184 wrote to memory of 3800	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	93
PID 4764 wrote to memory of 4364	4764	Unicorn-65134.exe	95
PID 4764 wrote to memory of 4364	4764	Unicorn-65134.exe	95
PID 4764 wrote to memory of 4364	4764	Unicorn-65134.exe	95
PID 3496 wrote to memory of 920	3496	Unicorn-16598.exe	96
PID 3496 wrote to memory of 920	3496	Unicorn-16598.exe	96
PID 3496 wrote to memory of 920	3496	Unicorn-16598.exe	96
PID 3800 wrote to memory of 4368	3800	Unicorn-28932.exe	97
PID 3800 wrote to memory of 4368	3800	Unicorn-28932.exe	97
PID 3800 wrote to memory of 4368	3800	Unicorn-28932.exe	97
PID 3184 wrote to memory of 5108	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	98
PID 3184 wrote to memory of 5108	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	98
PID 3184 wrote to memory of 5108	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	98
PID 4364 wrote to memory of 3596	4364	Unicorn-40926.exe	101
PID 4364 wrote to memory of 3596	4364	Unicorn-40926.exe	101
PID 4364 wrote to memory of 3596	4364	Unicorn-40926.exe	101
PID 4764 wrote to memory of 1064	4764	Unicorn-65134.exe	102
PID 4764 wrote to memory of 1064	4764	Unicorn-65134.exe	102
PID 4764 wrote to memory of 1064	4764	Unicorn-65134.exe	102
PID 4368 wrote to memory of 1780	4368	Unicorn-57838.exe	103
PID 4368 wrote to memory of 1780	4368	Unicorn-57838.exe	103
PID 4368 wrote to memory of 1780	4368	Unicorn-57838.exe	103
PID 5108 wrote to memory of 2844	5108	Unicorn-35372.exe	104
PID 5108 wrote to memory of 2844	5108	Unicorn-35372.exe	104
PID 5108 wrote to memory of 2844	5108	Unicorn-35372.exe	104
PID 920 wrote to memory of 4892	920	Unicorn-54501.exe	105
PID 920 wrote to memory of 4892	920	Unicorn-54501.exe	105
PID 920 wrote to memory of 4892	920	Unicorn-54501.exe	105
PID 3800 wrote to memory of 3736	3800	Unicorn-28932.exe	106
PID 3800 wrote to memory of 3736	3800	Unicorn-28932.exe	106
PID 3800 wrote to memory of 3736	3800	Unicorn-28932.exe	106
PID 3184 wrote to memory of 2264	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	107
PID 3184 wrote to memory of 2264	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	107
PID 3184 wrote to memory of 2264	3184	cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe	107
PID 3496 wrote to memory of 4596	3496	Unicorn-16598.exe	108
PID 3496 wrote to memory of 4596	3496	Unicorn-16598.exe	108
PID 3496 wrote to memory of 4596	3496	Unicorn-16598.exe	108
PID 3596 wrote to memory of 4252	3596	Unicorn-43718.exe	109
PID 3596 wrote to memory of 4252	3596	Unicorn-43718.exe	109
PID 3596 wrote to memory of 4252	3596	Unicorn-43718.exe	109
PID 4364 wrote to memory of 3924	4364	Unicorn-40926.exe	110
PID 4364 wrote to memory of 3924	4364	Unicorn-40926.exe	110
PID 4364 wrote to memory of 3924	4364	Unicorn-40926.exe	110
PID 1064 wrote to memory of 404	1064	Unicorn-65461.exe	111
PID 1064 wrote to memory of 404	1064	Unicorn-65461.exe	111
PID 1064 wrote to memory of 404	1064	Unicorn-65461.exe	111
PID 3736 wrote to memory of 4404	3736	Unicorn-16260.exe	114
PID 3736 wrote to memory of 4404	3736	Unicorn-16260.exe	114
PID 3736 wrote to memory of 4404	3736	Unicorn-16260.exe	114
PID 2844 wrote to memory of 840	2844	Unicorn-60822.exe	112
PID 2844 wrote to memory of 840	2844	Unicorn-60822.exe	112
PID 2844 wrote to memory of 840	2844	Unicorn-60822.exe	112
PID 1780 wrote to memory of 4340	1780	Unicorn-11621.exe	113
PID 1780 wrote to memory of 4340	1780	Unicorn-11621.exe	113
PID 1780 wrote to memory of 4340	1780	Unicorn-11621.exe	113
PID 3800 wrote to memory of 2468	3800	Unicorn-28932.exe	116

C:\Users\Admin\AppData\Local\Temp\cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe
"C:\Users\Admin\AppData\Local\Temp\cd3ac9cd6e935c989ce24a8ab269a60b105ff21cb988c08f6b44282052fb32b4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        10⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41758.exe
        11⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        11⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        10⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
        10⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48562.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        10⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:18088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
        9⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
        9⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29975.exe
        9⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        9⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        9⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39500.exe
        9⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        9⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        8⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        8⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
        8⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
        9⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        10⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        10⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        10⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        10⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        9⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        9⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47764.exe
        9⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:18148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        8⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
        8⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
        8⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        8⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24435.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
        8⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        8⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8988.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        8⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        8⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        8⤵
        
        PID:18344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
        7⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        7⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        9⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        9⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
        9⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        8⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
        8⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        8⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26358.exe
        8⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
        8⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
        8⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        7⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
        8⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 632
        9⤵
        Program crash
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        8⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        8⤵
        
        PID:18084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
        8⤵
        
        PID:18048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        7⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        7⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        7⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        6⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        6⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        6⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        7⤵
        Executes dropped EXE
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        9⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        10⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        10⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
        10⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        9⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        9⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
        9⤵
        
        PID:17800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64515.exe
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
        8⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        8⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        8⤵
        
        PID:17780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        8⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        8⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        7⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
        7⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        7⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        7⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
        8⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        9⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        8⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12396.exe
        8⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        7⤵
        
        PID:17324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65276.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8381.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54142.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40268.exe
        8⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
        8⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        7⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        6⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
        7⤵
        
        PID:17568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        6⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3955.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16358.exe
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        9⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
        9⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
        8⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
        7⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
        7⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7530.exe
        7⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33107.exe
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        6⤵
        
        PID:17864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
        5⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26901.exe
        7⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        7⤵
        
        PID:16960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        6⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        6⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        5⤵
        
        PID:15940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        5⤵
        
        PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8189.exe
        9⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        10⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        9⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
        9⤵
        
        PID:15584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
        8⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        9⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        9⤵
        
        PID:17648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        9⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        9⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        8⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        8⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        8⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        8⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        8⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        7⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63461.exe
        6⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
        8⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        8⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        8⤵
        
        PID:17696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        7⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        7⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        7⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        7⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        7⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        7⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        6⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58795.exe
        6⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        6⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        8⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        8⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        8⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        7⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14987.exe
        7⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        7⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
        6⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
        7⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
        7⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        6⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        6⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        7⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        7⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        7⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        6⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        6⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        5⤵
        
        PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
        5⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        5⤵
        
        PID:17236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17878.exe
        5⤵
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65366.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
        8⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        8⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        7⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
        7⤵
        
        PID:17784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        7⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        6⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        6⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31020.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        6⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
        5⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        5⤵
        
        PID:1516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 80
        6⤵
        Program crash
        
        PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50966.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        6⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        5⤵
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        5⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        5⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        5⤵
        
        PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
      4⤵
      PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
      4⤵
      PID:14744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35086.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        8⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        9⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        9⤵
        
        PID:18376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        8⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65524.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        8⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53227.exe
        8⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        7⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        7⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        7⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        8⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20083.exe
        7⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
        7⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        7⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        6⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
        6⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6203.exe
        6⤵
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        7⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        7⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62900.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3435.exe
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        6⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
        6⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
        7⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        7⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        6⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        6⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        5⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        5⤵
        
        PID:15924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        8⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        8⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        8⤵
        
        PID:17912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        8⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        8⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        7⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        7⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
        7⤵
        
        PID:18408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        6⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64997.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        7⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
        7⤵
        
        PID:18004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        7⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        6⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
        6⤵
        
        PID:17568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        6⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26060.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
        6⤵
        
        PID:15208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        5⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
        5⤵
        
        PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        7⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        7⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        7⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53725.exe
        6⤵
        
        PID:15848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        6⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        6⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
        5⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
        6⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
        6⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
        6⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        5⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        5⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        5⤵
        
        PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
      4⤵
      PID:5344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 640
        5⤵
        Program crash
        
        PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
      4⤵
      PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        5⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        5⤵
        
        PID:17780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exe
      4⤵
      PID:13020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
      4⤵
      PID:16952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50368.exe
      4⤵
      PID:7788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        8⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
        9⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9148.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        8⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
        8⤵
        
        PID:18372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24187.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        7⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        7⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5556.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        7⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        6⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        6⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15500.exe
        5⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        7⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        6⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        6⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
        5⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        7⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        7⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        6⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35811.exe
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        5⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7530.exe
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
      4⤵
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29798.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
        6⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        6⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
        5⤵
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        5⤵
        
        PID:18120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-179.exe
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
        5⤵
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
      4⤵
      PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
      4⤵
      PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
      4⤵
      PID:14716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
      4⤵
      PID:1184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        7⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        7⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        6⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        5⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        5⤵
        
        PID:17920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        6⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
        5⤵
        
        PID:17792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56346.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
      4⤵
      PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      4⤵
      PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
      4⤵
      PID:11452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
        5⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43636.exe
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
        6⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        6⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
        5⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
        5⤵
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
      4⤵
      PID:17020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
    3⤵
    PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
        5⤵
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        5⤵
        
        PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
      4⤵
      PID:11424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
      4⤵
      PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
      4⤵
      PID:8584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
    3⤵
    PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
      4⤵
      PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
      4⤵
      PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
      4⤵
      PID:17280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
    3⤵
    PID:9496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
    3⤵
    PID:13900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe
    3⤵
    PID:16620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10877.exe
        8⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        9⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
        9⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
        9⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        9⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        8⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        8⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        8⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        8⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        8⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        8⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        7⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20878.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59430.exe
        8⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36916.exe
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        7⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        7⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        6⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
        8⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38420.exe
        8⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        8⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        8⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        7⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        7⤵
        
        PID:18420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        6⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        7⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        6⤵
        
        PID:17716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10363.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21.exe
        6⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
        7⤵
        
        PID:17900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        6⤵
        
        PID:16556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        6⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        8⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        8⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34206.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        8⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        7⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29975.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        7⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe
        7⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        6⤵
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1189.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36884.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        6⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        6⤵
        
        PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54157.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        5⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        5⤵
        
        PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
      4⤵
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27510.exe
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        6⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        5⤵
        
        PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
      4⤵
      PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25291.exe
        5⤵
        
        PID:18424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53477.exe
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
      4⤵
      PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
      4⤵
      PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
      4⤵
      PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        6⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        7⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        8⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5556.exe
        8⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        8⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        8⤵
        
        PID:17996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37156.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        7⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        7⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
        7⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44197.exe
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20363.exe
        7⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        7⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        6⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63461.exe
        5⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        7⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        7⤵
        
        PID:18004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        6⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        6⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        6⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        6⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        5⤵
        
        PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        5⤵
        
        PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
      4⤵
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        6⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        6⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        6⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        5⤵
        
        PID:15980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        5⤵
        
        PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
      4⤵
      PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
      4⤵
      PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
      4⤵
      PID:16944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        7⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        7⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        7⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61853.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        6⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44821.exe
        6⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
        5⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        6⤵
        
        PID:17856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
        6⤵
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        5⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        5⤵
        
        PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8381.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        6⤵
        
        PID:17932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        5⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        5⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10715.exe
      4⤵
      PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
        5⤵
        
        PID:8
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
      4⤵
      PID:10616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
      4⤵
      PID:1432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57134.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43636.exe
        6⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
        6⤵
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        5⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
        5⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
      4⤵
      PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
      4⤵
      PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
      4⤵
      PID:18088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
      4⤵
      PID:18408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
    3⤵
    PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        5⤵
        
        PID:17948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
      4⤵
      PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
      4⤵
      PID:7076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
    3⤵
    PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
      4⤵
      PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
      4⤵
      PID:12812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
    3⤵
    PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
    3⤵
    PID:11680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
    3⤵
    PID:16888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
      4⤵
      Executes dropped EXE
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        6⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
        8⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        8⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        8⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        7⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        7⤵
        
        PID:16860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        7⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        6⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        7⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        6⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-835.exe
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
        5⤵
        
        PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        7⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        7⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        6⤵
        
        PID:17516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        6⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
        6⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        5⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        5⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        5⤵
        
        PID:17940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
      4⤵
      PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
      4⤵
      PID:15068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe
      4⤵
      PID:18016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        7⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        7⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        7⤵
        
        PID:17796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        6⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59636.exe
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        5⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
        5⤵
        
        PID:16580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
      4⤵
      PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
      4⤵
      PID:14940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18187.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        6⤵
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        5⤵
        
        PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
        5⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        5⤵
        
        PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
      4⤵
      PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
      4⤵
      PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
      4⤵
      PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
      4⤵
      PID:17912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
    3⤵
    PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
      4⤵
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9516.exe
      4⤵
      PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
      4⤵
      PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
    3⤵
    PID:7836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
    3⤵
    PID:12600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
    3⤵
    PID:13884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
    3⤵
    PID:2160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8941.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        6⤵
        
        PID:712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        5⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        5⤵
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25308.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43357.exe
        5⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
        5⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        5⤵
        
        PID:3544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 212
        6⤵
        Program crash
        
        PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
      4⤵
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      4⤵
      PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
      4⤵
      PID:16868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        5⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        5⤵
        
        PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
      4⤵
      PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
      4⤵
      PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36995.exe
      4⤵
      PID:15644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
      4⤵
      PID:11712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
    3⤵
    PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
      4⤵
      PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
      4⤵
      PID:13460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
      4⤵
      PID:15004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
    3⤵
    PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
      4⤵
      PID:3480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
    3⤵
    PID:10368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
    3⤵
    PID:13548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
    3⤵
    PID:17476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        5⤵
        
        PID:18360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
      4⤵
      PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
      4⤵
      PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57732.exe
      4⤵
      PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
      4⤵
      PID:15912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
        5⤵
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
      4⤵
      PID:13824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
      4⤵
      PID:17624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
    3⤵
    PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
      4⤵
      PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38731.exe
      4⤵
      PID:7488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48885.exe
    3⤵
    PID:10564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14483.exe
    3⤵
    PID:13968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19692.exe
    3⤵
    PID:17504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
    3⤵
    PID:7072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
    3⤵
    PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
      4⤵
      PID:6476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 632
        5⤵
        Program crash
        
        PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
      4⤵
      PID:11176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
      4⤵
      PID:15712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
    3⤵
    PID:8088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
    3⤵
    PID:10552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
    3⤵
    PID:14016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
    3⤵
    PID:17512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
    3⤵
    PID:17028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
    3⤵
    PID:14908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
  2⤵
  PID:5668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
    3⤵
    PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
      4⤵
      PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
      4⤵
      PID:17168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
      4⤵
      PID:17264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
    3⤵
    PID:9676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
    3⤵
    PID:12488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
    3⤵
    PID:16936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18139.exe
  2⤵
  PID:7472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
    3⤵
    PID:12052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
    3⤵
    PID:16932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
    3⤵
    PID:17068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
  2⤵
  PID:9924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
  2⤵
  PID:13984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:16640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
  2⤵
  PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5344 -ip 5344
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6356 -ip 6356
1⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 6476 -ip 6476
1⤵
PID:11992

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3544 -ip 3544
1⤵
PID:7384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe

Filesize
468KB

MD5
b4e2a34e7d68f731fad424b39f1e5ca2

SHA1
5b72b3cd15d7bf171497dabcf2fcc754cbc20d54

SHA256
7f6a70a46066386e94dc0d44534c3c8d684af0bd790eef51ebeeba89854f7611

SHA512
94a772f46c5bf10dde69aafb8dfd664923f45adf77880ff0769a4d8c9eac9d7b6a7e2fa7d6120dffff0f77a02f3bdd45760670b03dc31ea8b9d122b09f0b3b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe

Filesize
468KB

MD5
ca2183c929cc0208f4591b76d0a36955

SHA1
47a704661de59afa96a003b013e7e08511aaf045

SHA256
604654c6f48e23203439b8c7c53c5faf91cffcf7e15873db6696775959f9b0b8

SHA512
ec028af897782fb270e21505d8455542cd691e2b83529de106a332ab4eae3d68152aa66d321740ac61c9b433382ae90a0d7c2e0eb5c10aa009de71c1ec4c05f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe

Filesize
468KB

MD5
c77d2881ebc0b992c151eb3a82fe2413

SHA1
59e529c3ed7a36c9aac410b25190157e6a5cb4b4

SHA256
22e1f3f89955f8255fb117cc8b8d0e71ab967a1001e408545618ef0f69f940ae

SHA512
7b7a729b65506561dadac73dd4a2afa6f8523979630ea06d070b131859859354ca650d88b36fe0a80962d477439f7acf191a111450890020e77302749364824c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe

Filesize
468KB

MD5
66a11e7bfe83d98fa15cfd28ad1ace76

SHA1
a6d0e19db8c4bd309bdbbd738f8d754f9e105c74

SHA256
0b1684bc00911d1eb1195256384d4096eef9a004df2a859333d98aa1a1be342c

SHA512
37b043ab81758376b5661c19594225a165d238b3862d55bb11792e06dfbb9cbffa3d8d8a81d5c66949961891b682c4e7e5e5e41e89179af5ab1a41e69de0f29d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe

Filesize
468KB

MD5
c8dcadbe992da705b2d2bf3ff33abceb

SHA1
09dbf2941a51216cb77d44fbc2592f15b9baa26e

SHA256
511b533a3b5d8c15ca112fb6b682ae9bce611eaea7409d099d05170a945f19f9

SHA512
22f440c89e9d045b6933b4c9c99cd5fd94b97ef42415390841eccab6291e03a57bdcd0aea519e1b6f1aa2c3cd94012ddf2fda30d9d98f4a8299dd662fabe3a9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe

Filesize
468KB

MD5
36ec6ddd487516f00eb22369f8c325d8

SHA1
229c2e237dd15a47169e02ae6a32e0a973be8c33

SHA256
2bdb6a23b062cb683783b9a7c90cc7b1ed7602db3723c8f7e03a7ebed2605cdb

SHA512
8aed709b018a3e1e86e32ef4cb000dd54b7114b62aef8a5cb829db21b644246dff3804639c714128c57080828e12928488252e5718a1f4c7770cd5a77cb75000

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe

Filesize
468KB

MD5
a07a2f263e70fe3a6eeb2b8eb4d11b64

SHA1
04b4ae6a0eaf30ea75d401e25a2d1c6e775caf1c

SHA256
2c18c6b2c6e2fe998103515f33bb3e8511dd455253506a8e932c2f518448dc7a

SHA512
4fa06a1083777f31705fa2f8e261420374fad8077091bfe8dbd12d81a640a38bc1c5aad71bca091c231adc4794166831a433125f8a163f755567a29d72e6cbc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe

Filesize
468KB

MD5
094a8a75eff950c906d92a6c4ba99ae9

SHA1
b3b708f498b6cde275302de3671ec09668b393d8

SHA256
188d895b82135153c7ed51f1067b03a8390721cc1c4a1d2f4b278f56d518988d

SHA512
60e8b67ecffaa409512890ce6ad2c61de7e75e634e993452d33e5c220c2445300ae5e0acb9ea8c0dd2ca4fa076551d5402c9f6e487641bd965c69cc1b784c24a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe

Filesize
468KB

MD5
9078627353cf7a58469bb1f89dd532d0

SHA1
d2c684e5101f60b6aa93b06b3840321c2ec0ebc7

SHA256
ed394324459bd827a5c21e0330e451e84ea103185a4a0091f02051c1e0ef9f4e

SHA512
ee7f09bec8a936188607f75fd41119444f322288d5a4f9ff17a8c573796fff56c80192465feec209c3b7260f848dfb454fe96435f58e69d6ffe52f5497958958

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe

Filesize
468KB

MD5
66aba72a437f2cc1e413708c7a18d746

SHA1
486e92cf584cd5859eafa1ab19e96faa685e1480

SHA256
665867c17baacc85149924140761d75878ab873ed822092ba3b97dee0257ac28

SHA512
47e8f942b2ccb1b54422b040c7c15be677918893043788afcc1b3301f222d1fdf2e643e6ce6c19fe99967d13fbb543c4a2ac8f80788611abba8b25c5459b5f56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe

Filesize
468KB

MD5
c8e1bfa543c866d18a2db4be819a1f53

SHA1
72a86e89bd5a52e792db72db87bb969a87f9b523

SHA256
ab9a1dc84e128209b15d611488ef403c80a622071df704ae99365da36c603746

SHA512
40e15794abcb44b11428ac441b855836b0c4af1e38ce0d8f4b5747b9b7596b122d3cadeec2164980322b4a4b87a3a841fe073f4d64dfdb09b15938f112141a58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe

Filesize
468KB

MD5
b0eb2b48b72569c40c556ea0ed876e3c

SHA1
79ba7d1237aaff96084d0efae17dc6191f4c9589

SHA256
39dc740d3805ca6cef5efac49abb864040514f921c5603bf2c2e7ffe863218ad

SHA512
ca10efe7452cfd4a378385dd59df18d3c47715d18d72c14530f325131b4bf9bd812e8a87721abe805787527a689fcbef518d55f645d2e6ea1928a106d4888bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe

Filesize
468KB

MD5
ceaa1572c9c199e735f536a230618f70

SHA1
1751f8ff50208542e4278378cbbe082de4d20de2

SHA256
1944657ecb1bafa9df8c11292ca73ab15cbc24009851124d7c7d0a19eada1d8a

SHA512
a8b6dc5a63c060c26479ce2d8194251fb91f241acf2a0badd8527ff6718ada642fd44f245384ea5f1f6f433890de09e1f16d5190f634010a664aaf93b530b1ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe

Filesize
468KB

MD5
a289b4bdcd6a986db4bee1cd2b57366a

SHA1
61ab304857234d6cc0cd8770b2b4b307905ddcee

SHA256
3050c66a0b54b540b2395f48588bea0f011866f11971874d4af3c5c4e153fa17

SHA512
ea497eb9b774813123bff312347314875215e3c97132abef73f300da03130806799ecc9329792426cfd2a23734b5cc93a475cea54d344ea1a289d2d35b1f9d87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3955.exe

Filesize
468KB

MD5
e60b85f2f98339396b8c5414123379b2

SHA1
3b35387882fa878404067fe0735735baedc6fd22

SHA256
475ca5213591749d89a62fe0aa289e311171d8cd9e56e145607a1a55aa958e77

SHA512
81efe254d5c644d1fdf58146e2a153664601033ec200149368ff1177c53ee37eea9b61632fcca55f9fb1eef1e77205fea1d56b386224962762f3e398bc59e76b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe

Filesize
468KB

MD5
ba2e44769a29ca3c71ed1555e7732bd6

SHA1
244d5acb8e8909df909ccbb10eaf5f5d90c6bada

SHA256
11f17c9088cce7c67ba7e7d81e6725af6dc1cd8451fe93b0572f4821e2dc73ca

SHA512
9b35529d371b3b70e9585b997e5aab63870b7769b4b1fdb2e6df739146c8d6fa91bfb6c6efcf2f785ed37346f099a38106dbdb33bef2da8738ae69cd625ccce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe

Filesize
468KB

MD5
fd4b68015a965867b9ccf8c3b876f877

SHA1
bc997a07e1d56b3a678f5eb0c634a982eb139896

SHA256
492635029692facfa1e40232bf4b6d7666e04fac78d0788c2c3e79e30e7eae0a

SHA512
b7c564d7499d5b87a1c77795f7032ba28c39480a13fc9744ac94f6ba8ae89190332a107e071f7748a8da314db497d25e9ebfd34ef64b351b37558824e6c8f2e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe

Filesize
468KB

MD5
d4f2a1f2ce1e6ecea726a256951f32ac

SHA1
39ddda66d6a860240d2f8886e5964130caac7099

SHA256
57332350c6f45da2388b99bfc4bd39551edf29fbc7a4c5195ed275c62aacf551

SHA512
3b919ffee1c7bb394506345e737652e7fa627c52db661c0e2c6e3850477c1a5cf0a5f810c74fa64422fc6e35e2642cc1d8493ae92c830a653743085e66572a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe

Filesize
468KB

MD5
d68351617be1b90313f938b3ad76124c

SHA1
ad26aadb9e41db8fbc572a259e6a4e5a0c98c29f

SHA256
ace69b11f6b4b4fcf0776416a37ba0b3a9a517317873dc26829f65d5bb4c7dfc

SHA512
1ab4acc29c498e99dbed666719ad688a10f7c7d196a34e36565893790cee220871c1391b0c1068b474e282f318caf730dfa77d3178135651af73cb35330b4765

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe

Filesize
468KB

MD5
25e6e8c55e75330bff68dbc2eb79fd81

SHA1
133f636ce7f1b155f2339004d20f126a4af2c4e0

SHA256
d2f876967984e0c005a6d6380689c0e71d7661752c18f52f2dee55b949f87493

SHA512
de2d75598fb6f18ea3b9cad45172dcff5c465b491bf9b43ae60ac3bea84ede700e090a842d65b230355cdb84a72b1505b26c45b2923898365db998a2c07c00ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe

Filesize
468KB

MD5
661e47b3774b8f1acec96028923a7df7

SHA1
ffdd3eacbd05112818fada1423240585b401cc71

SHA256
92285b5317612df12570c07e18946f0d8ffa3ac8d857eb6f5292eeb938ee0d40

SHA512
1bdacaa26f3d836cf0113556580c5abeaf5f48c889a77df81b4211ada0bc658fec22c0c5d194b60e7fbde8de5c726f2a2d25c8bb8e0f566c791936d18ebdf2d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe

Filesize
468KB

MD5
bb1978e299babdd40f5e23ab8e6e4656

SHA1
b8a22ec06c533630c35d3c54f762bcc75343f57b

SHA256
150f84573168b5da9af3e5b4385b4b9633e6c8facc8b9ddae5e92d1d5892f8a1

SHA512
fae82ff47f225725de8722e399cc15d9576b338a71fe94f995067ca7d5488c1890f29f7d7a5079c6f5d1f5de84f2f5dfcd7bd9b7db1511408b9814f46c19cdf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe

Filesize
468KB

MD5
6e9552df1cda1b7e67f8dd80eddf0bff

SHA1
7ea42cf78973cc04141579f5a1632e77bc9dc846

SHA256
69afdde8ac09903f0b59c6f108c45e166859076b6c94d6e020756d2d3927ee01

SHA512
7128e5c85e014842ac1935261f7ca18a3da35dd66f44055f008a640f583b470cb9a2fabd3507af32ff9ce7d72c9344f7ca3955e060d2d3f0870d2434948cc055

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe

Filesize
468KB

MD5
f046ca022beb66fbba9a9a0590d63112

SHA1
f855b9c0f965e2e01c96967d10620596b703b12a

SHA256
cc8fe730000ac3b9e6877f5335097496564a4931ebbb1dc18b425aa74d8a7ff9

SHA512
050f894a334c9ecfee56e981c53b864f96c2b38baca2e918ca3ea3b795431b3ab3f0551087e6df8f6376cc5cd1decba068c2580549aa97c2dd241b98782a07fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe

Filesize
468KB

MD5
9f479a8e1292663b2efd5b51948b4797

SHA1
ab37ddd138807776127ac37511ad795592a219b7

SHA256
0715359f9f0ce9023bddebf5dfd83f1a8ddc02e735aa69977d8a648967c8f468

SHA512
41687de4b009b7696ed391ef934ac10339db79c40b192b8c883940b6183cc1994ae68a1f1fafaced8dd427755aaea38c29ba49374ef82cbfafed46bb8cda00dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe

Filesize
468KB

MD5
24223b012826775f13f5497468b43527

SHA1
3d9b5bd05553b8543133ab074428c520e42753df

SHA256
e2fb6bd679ac817efc2f64533139af4f4dd9bdac504c3d47c7cc5c46eaf0d203

SHA512
4c5b2a670f212973cd42d1ea980d01fbf6a4ae4951a23c1fe20726df5a953e3d43a58bde9a0ed70add49b0074afe2fdedc0a0f9dbc2c087ecc95ada895a5eb07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe

Filesize
468KB

MD5
5ab5db975eff71f0b690344198eb2900

SHA1
343f802bcbdc4b39c86d1301706f74d8fbdf537f

SHA256
6ee6375c7ff5905471533ea65a6cd09ec9fb7b9f126639f01f66a95a7d30c723

SHA512
d49dc57cc05e2c12b3f05a129596312c60c765d60cb21010cc1623c28b72c928973a2c786be20636bb1258ccebb50592688409f9570eac4581a0076c5e065919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe

Filesize
468KB

MD5
5ebbb42abd20aae940a5ea627b26c347

SHA1
7d521d949bbf52816cc74117013a7bce976f8123

SHA256
a2eaa5d70f524b33fd549d7f439b58560f0f713e2a230f24a5eab37ee71c4156

SHA512
fbf3e498e7bf7a00d1e6f5871f454bc4f6c3886c4eb7de408c9dc2eb934d20e3c0c1b09eec0b7143b871ed9dec857b56251081f19e2f0e6c1e322a016a072e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe

Filesize
468KB

MD5
95aeca304c38649ddb62891e9b586d1e

SHA1
64cc48cb72d543b8169e2aa7a2699649d40e6d68

SHA256
1fc38b988c84b0362c71b171d3da4bb02633e09770117440f418f92897e0fa19

SHA512
3b5cf6cb7134c31155aa75a5453f8c2b1e67d8f99e5be2cacbda279651f93b9ad0e0c9be5dd067deffc6117b429211a68dd3be1f6bfa50715c153a65aba1fe09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe

Filesize
468KB

MD5
da3e10d14e053e868409062588f9de90

SHA1
e67ff7faa3816df2c9a9230f9bd9bfce012b584a

SHA256
fb8e3776235de970acf16d8322be5b1f1952b828aac1d1b5374f83f7af7a6ac9

SHA512
e7db8bcd2e48b493b9453f262feb155add2dea2c4a6536dc6a53d8f6a2b6873947bf0a58cd49c1644e8a9de65a95ad053819ef9ab091ca2102aa131962025ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe

Filesize
468KB

MD5
5f468c135334e6463cba4689ec9cc5d5

SHA1
16b6dcf3c8a5a5623e032526d4f580ebf07f8ace

SHA256
b32415c8887708583dddda4f8490ee94dd01267b75475c3a4c7adea1dc55b586

SHA512
b7a8033e8e3fed91328201107c0b600c062d49e6d5ab40b5b01b24af6ddf87986d60ecf90b76082de417ed1feb3fa9118664023c023edc581fa61791cdfd72c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe

Filesize
468KB

MD5
0b3792838bf435ee651b0dffaf26ef88

SHA1
ebc39328c9c22b0660373e9815b6e8983c117d6a

SHA256
a07ad24c42a36079f8a83fcb4cf1f1f93f0627b54b035e23d38dcc472831f909

SHA512
ec70248e90dea292fdda56cd169cb692f80197eb1299aa08b2babbe41473fd8e6005951578931747bff234417b2384abdf870ae2294105389600f195c0385906

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads