fc88339097827c7138cb37047fcd4320d639ffda7534dd4c04e05d2904c3703d

Analysis

max time kernel
119s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b2aa683b1f2a75fa3320fdfb4d51240N.exe
Size

468KB
MD5

4b2aa683b1f2a75fa3320fdfb4d51240
SHA1

75aca46e540c17a697de5652963710d3f6c691ee
SHA256

fc88339097827c7138cb37047fcd4320d639ffda7534dd4c04e05d2904c3703d
SHA512

81320c9be669697ad0c60443f6abbc73fd9066611960a92db844f927b541f1761039dd03b196b1dbf364d9f790d7eb3623b6ec3ced0ac14660b7d6555b17b105
SSDEEP

3072:1VAcogCdId5ptbYGPOtjcc8/r2C4P3p5ymHekVqh/ef84UQ6XGhlO:1VPoGbpt5POjcchZih/eUlpXG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4008	Unicorn-42635.exe
4952	Unicorn-54093.exe
2700	Unicorn-30143.exe
432	Unicorn-45515.exe
2288	Unicorn-21565.exe
3996	Unicorn-490.exe
5008	Unicorn-6620.exe
2744	Unicorn-50715.exe
1192	Unicorn-36417.exe
1092	Unicorn-60829.exe
4428	Unicorn-13766.exe
1764	Unicorn-9682.exe
4348	Unicorn-32795.exe
4244	Unicorn-55354.exe
3620	Unicorn-40144.exe
4044	Unicorn-63927.exe
1496	Unicorn-55759.exe
2456	Unicorn-27482.exe
4808	Unicorn-26355.exe
2648	Unicorn-46221.exe
1036	Unicorn-1659.exe
920	Unicorn-15302.exe
3456	Unicorn-11218.exe
4884	Unicorn-58181.exe
4816	Unicorn-64311.exe
4548	Unicorn-58181.exe
4464	Unicorn-16486.exe
2604	Unicorn-28109.exe
3296	Unicorn-60227.exe
1408	Unicorn-25417.exe
1164	Unicorn-49319.exe
1228	Unicorn-36875.exe
3608	Unicorn-4757.exe
2356	Unicorn-673.exe
2516	Unicorn-12370.exe
3924	Unicorn-42997.exe
2088	Unicorn-36112.exe
4420	Unicorn-29283.exe
628	Unicorn-29283.exe
3844	Unicorn-31229.exe
556	Unicorn-402.exe
700	Unicorn-6532.exe
2480	Unicorn-52204.exe
2204	Unicorn-37351.exe
3896	Unicorn-18785.exe
1608	Unicorn-10616.exe
5000	Unicorn-17969.exe
4888	Unicorn-33751.exe
4124	Unicorn-64477.exe
2168	Unicorn-59002.exe
3336	Unicorn-39516.exe
1512	Unicorn-11747.exe
2020	Unicorn-17415.exe
3908	Unicorn-54171.exe
3260	Unicorn-50087.exe
552	Unicorn-39516.exe
5076	Unicorn-46003.exe
668	Unicorn-9146.exe
4948	Unicorn-22053.exe
1400	Unicorn-12177.exe
3632	Unicorn-23637.exe
1836	Unicorn-48909.exe
4192	Unicorn-52993.exe
2520	Unicorn-5738.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
6100	628	WerFault.exe	131
5452	4420	WerFault.exe	132
8400	8536	WerFault.exe	443
15616	13700	WerFault.exe	683

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8620.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4076	dwm.exe
Token: SeChangeNotifyPrivilege	4076	dwm.exe
Token: 33	4076	dwm.exe
Token: SeIncBasePriorityPrivilege	4076	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe
4008	Unicorn-42635.exe
4952	Unicorn-54093.exe
2700	Unicorn-30143.exe
2288	Unicorn-21565.exe
5008	Unicorn-6620.exe
432	Unicorn-45515.exe
3996	Unicorn-490.exe
2744	Unicorn-50715.exe
1192	Unicorn-36417.exe
1092	Unicorn-60829.exe
4348	Unicorn-32795.exe
4244	Unicorn-55354.exe
3620	Unicorn-40144.exe
4428	Unicorn-13766.exe
1764	Unicorn-9682.exe
4044	Unicorn-63927.exe
1496	Unicorn-55759.exe
2456	Unicorn-27482.exe
2648	Unicorn-46221.exe
4808	Unicorn-26355.exe
1036	Unicorn-1659.exe
920	Unicorn-15302.exe
3456	Unicorn-11218.exe
4884	Unicorn-58181.exe
4548	Unicorn-58181.exe
4816	Unicorn-64311.exe
3296	Unicorn-60227.exe
1408	Unicorn-25417.exe
2604	Unicorn-28109.exe
4464	Unicorn-16486.exe
1164	Unicorn-49319.exe
1228	Unicorn-36875.exe
3608	Unicorn-4757.exe
2516	Unicorn-12370.exe
2356	Unicorn-673.exe
2088	Unicorn-36112.exe
3924	Unicorn-42997.exe
4420	Unicorn-29283.exe
628	Unicorn-29283.exe
3844	Unicorn-31229.exe
2204	Unicorn-37351.exe
700	Unicorn-6532.exe
2480	Unicorn-52204.exe
1608	Unicorn-10616.exe
3896	Unicorn-18785.exe
4888	Unicorn-33751.exe
4124	Unicorn-64477.exe
2168	Unicorn-59002.exe
5000	Unicorn-17969.exe
1512	Unicorn-11747.exe
3336	Unicorn-39516.exe
2020	Unicorn-17415.exe
552	Unicorn-39516.exe
3908	Unicorn-54171.exe
3260	Unicorn-50087.exe
1400	Unicorn-12177.exe
668	Unicorn-9146.exe
5076	Unicorn-46003.exe
4948	Unicorn-22053.exe
3632	Unicorn-23637.exe
1836	Unicorn-48909.exe
3560	Unicorn-20129.exe
2612	Unicorn-55686.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 4008	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	89
PID 1068 wrote to memory of 4008	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	89
PID 1068 wrote to memory of 4008	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	89
PID 4008 wrote to memory of 4952	4008	Unicorn-42635.exe	93
PID 4008 wrote to memory of 4952	4008	Unicorn-42635.exe	93
PID 4008 wrote to memory of 4952	4008	Unicorn-42635.exe	93
PID 1068 wrote to memory of 2700	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	94
PID 1068 wrote to memory of 2700	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	94
PID 1068 wrote to memory of 2700	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	94
PID 4952 wrote to memory of 432	4952	Unicorn-54093.exe	97
PID 4952 wrote to memory of 432	4952	Unicorn-54093.exe	97
PID 4952 wrote to memory of 432	4952	Unicorn-54093.exe	97
PID 4008 wrote to memory of 2288	4008	Unicorn-42635.exe	98
PID 4008 wrote to memory of 2288	4008	Unicorn-42635.exe	98
PID 4008 wrote to memory of 2288	4008	Unicorn-42635.exe	98
PID 1068 wrote to memory of 3996	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	100
PID 1068 wrote to memory of 3996	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	100
PID 1068 wrote to memory of 3996	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	100
PID 2700 wrote to memory of 5008	2700	Unicorn-30143.exe	99
PID 2700 wrote to memory of 5008	2700	Unicorn-30143.exe	99
PID 2700 wrote to memory of 5008	2700	Unicorn-30143.exe	99
PID 2288 wrote to memory of 2744	2288	Unicorn-21565.exe	101
PID 2288 wrote to memory of 2744	2288	Unicorn-21565.exe	101
PID 2288 wrote to memory of 2744	2288	Unicorn-21565.exe	101
PID 4008 wrote to memory of 1192	4008	Unicorn-42635.exe	102
PID 4008 wrote to memory of 1192	4008	Unicorn-42635.exe	102
PID 4008 wrote to memory of 1192	4008	Unicorn-42635.exe	102
PID 5008 wrote to memory of 1092	5008	Unicorn-6620.exe	103
PID 5008 wrote to memory of 1092	5008	Unicorn-6620.exe	103
PID 5008 wrote to memory of 1092	5008	Unicorn-6620.exe	103
PID 432 wrote to memory of 4428	432	Unicorn-45515.exe	105
PID 432 wrote to memory of 4428	432	Unicorn-45515.exe	105
PID 432 wrote to memory of 4428	432	Unicorn-45515.exe	105
PID 3996 wrote to memory of 1764	3996	Unicorn-490.exe	107
PID 3996 wrote to memory of 1764	3996	Unicorn-490.exe	107
PID 3996 wrote to memory of 1764	3996	Unicorn-490.exe	107
PID 2700 wrote to memory of 4348	2700	Unicorn-30143.exe	104
PID 2700 wrote to memory of 4348	2700	Unicorn-30143.exe	104
PID 2700 wrote to memory of 4348	2700	Unicorn-30143.exe	104
PID 1068 wrote to memory of 3620	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	108
PID 1068 wrote to memory of 3620	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	108
PID 1068 wrote to memory of 3620	1068	4b2aa683b1f2a75fa3320fdfb4d51240N.exe	108
PID 4952 wrote to memory of 4244	4952	Unicorn-54093.exe	106
PID 4952 wrote to memory of 4244	4952	Unicorn-54093.exe	106
PID 4952 wrote to memory of 4244	4952	Unicorn-54093.exe	106
PID 2744 wrote to memory of 4044	2744	Unicorn-50715.exe	109
PID 2744 wrote to memory of 4044	2744	Unicorn-50715.exe	109
PID 2744 wrote to memory of 4044	2744	Unicorn-50715.exe	109
PID 1192 wrote to memory of 1496	1192	Unicorn-36417.exe	110
PID 1192 wrote to memory of 1496	1192	Unicorn-36417.exe	110
PID 1192 wrote to memory of 1496	1192	Unicorn-36417.exe	110
PID 4008 wrote to memory of 2456	4008	Unicorn-42635.exe	111
PID 4008 wrote to memory of 2456	4008	Unicorn-42635.exe	111
PID 4008 wrote to memory of 2456	4008	Unicorn-42635.exe	111
PID 2288 wrote to memory of 4808	2288	Unicorn-21565.exe	112
PID 2288 wrote to memory of 4808	2288	Unicorn-21565.exe	112
PID 2288 wrote to memory of 4808	2288	Unicorn-21565.exe	112
PID 1092 wrote to memory of 2648	1092	Unicorn-60829.exe	113
PID 1092 wrote to memory of 2648	1092	Unicorn-60829.exe	113
PID 1092 wrote to memory of 2648	1092	Unicorn-60829.exe	113
PID 5008 wrote to memory of 1036	5008	Unicorn-6620.exe	114
PID 5008 wrote to memory of 1036	5008	Unicorn-6620.exe	114
PID 5008 wrote to memory of 1036	5008	Unicorn-6620.exe	114
PID 4348 wrote to memory of 920	4348	Unicorn-32795.exe	115

C:\Users\Admin\AppData\Local\Temp\4b2aa683b1f2a75fa3320fdfb4d51240N.exe
"C:\Users\Admin\AppData\Local\Temp\4b2aa683b1f2a75fa3320fdfb4d51240N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        10⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        10⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        10⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        9⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13680.exe
        8⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        9⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        9⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        8⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        7⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        7⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
        7⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        7⤵
        
        PID:16736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        8⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
        8⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        7⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
        7⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        6⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        7⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        7⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        7⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26063.exe
        6⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        9⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        8⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        8⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        7⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
        7⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        7⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        6⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53870.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        7⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        7⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        6⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
        7⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        7⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20071.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        6⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        6⤵
        
        PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        5⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        5⤵
        
        PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        8⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        8⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62272.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        8⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        8⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27818.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        7⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        7⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        7⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        7⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3674.exe
        6⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        6⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54882.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
        7⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
        7⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        7⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        6⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62687.exe
        7⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        7⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
        6⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        6⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        6⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43835.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
        5⤵
        
        PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14866.exe
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
        8⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        7⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        7⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
        7⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
        7⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        6⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
        6⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        6⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        6⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        5⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
        5⤵
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        5⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        6⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
        5⤵
        
        PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        5⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        5⤵
        
        PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
      4⤵
      PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        5⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        5⤵
        
        PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
      4⤵
      PID:9828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        9⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-452.exe
        9⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        9⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        8⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        8⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        8⤵
        
        PID:16660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        7⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        8⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        9⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        9⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        9⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        8⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31084.exe
        7⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31939.exe
        7⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58385.exe
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        8⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        8⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        7⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        7⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        7⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        7⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20332.exe
        7⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34872.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        6⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        6⤵
        Executes dropped EXE
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        8⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37036.exe
        7⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        7⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 464
        8⤵
        Program crash
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
        7⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        6⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
        6⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        5⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        7⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        7⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
        6⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        6⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        7⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48832.exe
        7⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        6⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        5⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
        5⤵
        
        PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 608
        6⤵
        Program crash
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        5⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44955.exe
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64337.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        8⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
        8⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
        8⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17285.exe
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
        6⤵
        
        PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27540.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        5⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38451.exe
        5⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
        5⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        5⤵
        
        PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-402.exe
      4⤵
      Executes dropped EXE
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        7⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        7⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        6⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
        6⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        5⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        5⤵
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        6⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        5⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        5⤵
        
        PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48443.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        5⤵
        
        PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4998.exe
      4⤵
      PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
      4⤵
      PID:5976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42241.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        9⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        9⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        8⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        8⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18734.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        7⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        7⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        7⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        6⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        7⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        7⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        6⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        5⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
        8⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        7⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        7⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38599.exe
        6⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19930.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        6⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
        5⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55037.exe
        6⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
        5⤵
        
        PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        7⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
        8⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        7⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
        7⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        7⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40855.exe
        7⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        6⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        6⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
        5⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        6⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35070.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        5⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        5⤵
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63007.exe
      4⤵
      PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11945.exe
        7⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41477.exe
        6⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        6⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        6⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
        5⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        5⤵
        
        PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        5⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        6⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        5⤵
        
        PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
      4⤵
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
      4⤵
      PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
      4⤵
      PID:16128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        7⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        7⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        7⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        6⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        6⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        6⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        6⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        7⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54847.exe
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        5⤵
        
        PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
      4⤵
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        5⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        6⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        6⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60476.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18727.exe
        5⤵
        
        PID:8700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
        6⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
        5⤵
        
        PID:16024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
      4⤵
      PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
      4⤵
      PID:12804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
      4⤵
      PID:5936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
        7⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        7⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        6⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        5⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        5⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        5⤵
        
        PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        5⤵
        
        PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
      4⤵
      PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
      4⤵
      PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
      4⤵
      PID:15452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17029.exe
    3⤵
    PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        5⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        5⤵
        
        PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
      4⤵
      PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
        5⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        5⤵
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
      4⤵
      PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47359.exe
      4⤵
      PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
      4⤵
      PID:16724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
    3⤵
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59231.exe
      4⤵
      PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10776.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
      4⤵
      PID:16036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
    3⤵
    PID:8012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
    3⤵
    PID:13216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
    3⤵
    PID:15912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 720
        7⤵
        Program crash
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        8⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        7⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
        7⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        7⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51941.exe
        6⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
        8⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        8⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        8⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        7⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
        7⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        6⤵
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        8⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        7⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe
        7⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39365.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
        6⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
        5⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        5⤵
        
        PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6532.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        8⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28557.exe
        8⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        7⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
        7⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        6⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        7⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57674.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
        6⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        7⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        7⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        7⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        6⤵
        
        PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49490.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32350.exe
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        5⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
        5⤵
        
        PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        7⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        7⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        7⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49305.exe
        6⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
        6⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        5⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        5⤵
        
        PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        5⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        6⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        6⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
        5⤵
        
        PID:512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29558.exe
      4⤵
      PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
        5⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
        5⤵
        
        PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
      4⤵
      PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26571.exe
      4⤵
      PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
      4⤵
      PID:3420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
        6⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20451.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
        8⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        8⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        7⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        7⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
        8⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        7⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        7⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
        7⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35178.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43961.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        7⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        7⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        7⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
        6⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        6⤵
        
        PID:11456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        5⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
        5⤵
        
        PID:13132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6314.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52978.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        7⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        7⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        6⤵
        
        PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        6⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        5⤵
        
        PID:8000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        5⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        5⤵
        
        PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
      4⤵
      PID:11356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
      4⤵
      PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
      4⤵
      PID:8784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        7⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        7⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19983.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        6⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        5⤵
        
        PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62484.exe
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        5⤵
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        6⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        6⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
        5⤵
        
        PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
      4⤵
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        5⤵
        
        PID:15052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
      4⤵
      PID:10156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
      4⤵
      PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
      4⤵
      PID:8632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        5⤵
        
        PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27462.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
      4⤵
      PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        5⤵
        
        PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
      4⤵
      PID:10368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
      4⤵
      PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
      4⤵
      PID:15044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe
    3⤵
    PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
      4⤵
      PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
      4⤵
      PID:15688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
    3⤵
    PID:7836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
    3⤵
    PID:10212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        8⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56067.exe
        7⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        6⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
        6⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        5⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        5⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10196.exe
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        7⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        6⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        5⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31178.exe
        5⤵
        
        PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        6⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
        5⤵
        
        PID:9592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
      4⤵
      PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        5⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
        5⤵
        
        PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
      4⤵
      PID:14296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
      4⤵
      PID:8868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
      4⤵
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        7⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        6⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        6⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58695.exe
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        5⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
        5⤵
        
        PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
        5⤵
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
      4⤵
      PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
      4⤵
      PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
      4⤵
      PID:7700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
    3⤵
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
      4⤵
      PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        5⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        5⤵
        
        PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
      4⤵
      PID:13044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
      4⤵
      PID:15684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
    3⤵
    PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
      4⤵
      PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
      4⤵
      PID:16048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
    3⤵
    PID:8660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
    3⤵
    PID:13180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
    3⤵
    PID:852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        7⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        6⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60538.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        5⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44192.exe
        5⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
      4⤵
      PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25090.exe
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
      4⤵
      PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
      4⤵
      PID:4616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
    3⤵
    PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40901.exe
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        5⤵
        
        PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
      4⤵
      PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
      4⤵
      PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
      4⤵
      PID:8924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
    3⤵
    PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
      4⤵
      PID:8460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
    3⤵
    PID:9408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
    3⤵
    PID:13940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
    3⤵
    PID:7100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
      4⤵
      PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        5⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        5⤵
        
        PID:13732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
      4⤵
      PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15184.exe
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
    3⤵
    PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
      4⤵
      PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        5⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
      4⤵
      PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
      4⤵
      PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
      4⤵
      PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
    3⤵
    PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35895.exe
      4⤵
      PID:6428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
    3⤵
    PID:9488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
    3⤵
    PID:15064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
    3⤵
    PID:16344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12177.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12177.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
    3⤵
    PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
      4⤵
      PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
      4⤵
      PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
      4⤵
      PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
      4⤵
      PID:9312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
    3⤵
    PID:7456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
    3⤵
    PID:10316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
    3⤵
    PID:13700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 13700 -s 464
      4⤵
      Program crash
      PID:15616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
    3⤵
    PID:3152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
  2⤵
  PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65131.exe
    3⤵
    PID:7108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
    3⤵
    PID:10052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
    3⤵
    PID:14252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
    3⤵
    PID:3464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
  2⤵
  PID:7852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
    3⤵
    PID:10968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58276.exe
    3⤵
    PID:14364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
  2⤵
  PID:5588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
  2⤵
  PID:14260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
  2⤵
  PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 628 -ip 628
1⤵
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4420 -ip 4420
1⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 8536 -ip 8536
1⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 13700 -ip 13700
1⤵
PID:1320

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe

Filesize
468KB

MD5
55195d130c5faa6488c80a7060839e41

SHA1
222a5d95dd99a29aede36f3c8083569edeb1fd59

SHA256
5fd058e47f7f7bcbd6d1400036288f1540da2a87d401ddaeb498ddf806913999

SHA512
4c80947e12f446f81fda438469bd960f9a5ac10de4afcc68424e4002bca4c3930c4393e31c7f313b9d9b9b4da509f14f3affc3018ebfcb3082151c00060d7848

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe

Filesize
468KB

MD5
e755d307be4c7aaeb607280ed3f8e357

SHA1
e9b55ce83ec99c2b53818fa46f936eebbb095175

SHA256
6f4af08bd4276f14033cc3a4476f51d7c85281557134aa81715e2e6d6dfcace1

SHA512
a023c6bdd4945ce03e93e4947ecacdb5fb1524668bc698ff3116696c30e77fa03ad61c620497824c7226fa74911496093fad0e9d491675e5ed28b6cbaf4cc202

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe

Filesize
468KB

MD5
3b8c1bf30d0aee80652898dff4968853

SHA1
96ba370f9df0754ab057a943d78cfc75d6afab5f

SHA256
9a4a9d1c01cf29370dc4f77dd0406cfa930318520f2273a4609e3bb4aa37c801

SHA512
0adf983e9425453b77b941dfeb99b8c732db064dfddb24dc5243dfaba8576025e2416f6661ab1effedefdf12f1bc4a4b41c32e526c5b0afdec890195c2f78029

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe

Filesize
468KB

MD5
28ffe5b9b8c7e0b69c61af1a526706f0

SHA1
b48a4e753c31491ff31d75eb6338f0c9e3340414

SHA256
b655a333726a33a8e3ba0bf18196c36161174014582d9292bdd76f0b7c71b90a

SHA512
57e108bd7b78823e595558d8d47e5f2504903c5e1a20a31169cb6124e35d93879e0c0882dc70348395be62eb4bdf123c7ec60c46463a9256d4acc9a92a25bb1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe

Filesize
468KB

MD5
b603a7b7a4a8620d26da2f7340ad72b8

SHA1
f687ee6cae3389c9db12c92ed0f0140cd94f232f

SHA256
8031c4666a64aa5ed7bdd763a6df5a23ad7dd047c77f0f9ea09435d90b99da5b

SHA512
2233b417ea9795980168e2489ace840ee7fd58c0536f5623fa560690db6887a87fc55aba2fad7d61ab23872c60f68f36eb830fa1e4c9fa30c495d0d937cc926e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe

Filesize
468KB

MD5
f06cf5ca1a38e61cb9fd3436053e085b

SHA1
4c03cf2292a0a28fdeca03e25d9dfe03d3b057d5

SHA256
233a95c060195ce39a23aa58f34c0970f2dfb76f8f5f4ee116526ebcf7ef88bd

SHA512
51bd2445132839d016b630ce6da50a8f1f49f16859c95e1da86d1e84031da61ef616c13f7a6e532abc83954fee52c92e4e13c1751afcbbe0e0715aecad38471a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe

Filesize
468KB

MD5
7d00cffa1501a50b7c010edc06fb9a59

SHA1
d8237849fd32ac752fcf622db782082048d572f9

SHA256
830425da173aa69683b23eede6991a72a0729e538aa0100542a17762bd9113f7

SHA512
d88418dc3c83e3a3109573a04dddbd0912bfb537974e39d89c85dfcf70a654a3ccac46af6f1aca5ba6ddecf81bdef82c04a42f4c2ac665f5de3c2e41f6df6b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26355.exe

Filesize
468KB

MD5
3ba5b9bdbce720b50b34d8943a600f25

SHA1
b5339e8b6a6c47a904e0f3b8ed868846178dc65e

SHA256
ff4a08e24ba4879a2a57a47cc9444abe6afb8a039abf77b51f75858cf793c47d

SHA512
cf8b348d309a56f3602fd34fface19df377a0254ba8ff38272e2bd3c1f2efebc8556baf090c90883792241f40bd56cb0c77eb3327b4f2580a74862621e404ca8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe

Filesize
468KB

MD5
ef1f8863fa389c5e7b883d9d8e234e96

SHA1
d67b45baf344a8e39adbf6df2991286b36177412

SHA256
6e2c1c5508d8b604bc572491e04fc9b318f3bc3e8f9ba3f44917ac0281ad2366

SHA512
1ac8eee6ba7af9d5e5484f5ecb825cc766f10ff849a006c4409848d43acdd2e0b5ffd1f044a0dc70666dc8ba899c783ff9793114bf0f291ceff21f5525c4224b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe

Filesize
468KB

MD5
29f787bbdeca3c43c2f82049b04eb028

SHA1
641e9e6560ab0be003104fe21e2cfbe5c7c62def

SHA256
6caff2bf9c1b937834930cb255b642ee5744205f12c36d876c334ea3c3cd1287

SHA512
241817728bab68cb6cf31980490f83996c3413612c1fb7c8b7ae888d8d73b9ff2392e9acca0412b101c047a7751d368844cf8734d33e33c6d2c35d752ff3664f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28109.exe

Filesize
468KB

MD5
113c8db4254369f9c1f3ff9d6a3279e9

SHA1
6254f228da5780ed9fb577793ffaaf5ea772a629

SHA256
6a82c68be891fc8c48e9faa10fcc1bc94728f841660726f2e6f654668c5672d5

SHA512
85803b2414ef59b3ca670e63438f2f9204dfb2dad1b69d00bfba8bea071b7c9647f2e0ccc6be018c82c03e4ff04ad2ef306ebd5a27a8ed9af6b4e595d26c87c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe

Filesize
468KB

MD5
bf872f7123fa01add51765695d819f19

SHA1
a551c22d66bacd03fec764f8446617e9045ca3b9

SHA256
1d86db15b051121ba3d038c1333dc35664a288a27035c17a52a8538ff33321ab

SHA512
d3c1dc2f1980bd277d44d6f9996c487121e461a340908144eb2814d2bf11ddb7f6cb539ed560c67e3ef3adde07f711cad3ed1c6d77de99833de847d7c2ebaa3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe

Filesize
468KB

MD5
465b7789359f0f8b24d13339769529a1

SHA1
20ef0b66ab54e956f0b28e1a8d6dd2401394ff44

SHA256
8d893e11afbe037add87df83542d621ffaab390d619a764f5066091044aebd1c

SHA512
d4d5b8ad0ba72421aac47964b2ea32f1ccfee0a9579be713187cb9592ed2865e83523643dc2c564fde7c220d1548171aff3ddcbba7f879038206768562deba09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe

Filesize
468KB

MD5
757e3d58d07b510b95b4dc33cff0bf40

SHA1
38368c212d021941ce79741e8bb3ba4271a95336

SHA256
628d2f85cf73c7f285601049b7bea381ad60ea74c2920c3994598fbfeb8b2657

SHA512
adc7802c1ff7833eb6b70f497b9524d6782622d157f3e7e6672428d962125f6a084fc762888965765e9677c1a72f2f64e414a8903430c790fd769aa9751de42f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe

Filesize
468KB

MD5
e0f6d78e663e5acda6bb7914a9fc7fad

SHA1
ef2fc7f533d3ce4e988ca2ffa909bb8dafc796cd

SHA256
e315039b3b8c27d91e631930c2f6720b48ed70d09799f3bde4a80e472e9700eb

SHA512
ceebe80dcdbefb1866dce45db051aae282018ce5633c3c4d5b41d38d54c0923ad71401a5fa1c4ae155424b4cf0a3e88dac504ae28be7adb0eb57b7d04a7449a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe

Filesize
468KB

MD5
34f5d40f95ec34a471ce63b3922a09bb

SHA1
a1c401cb5e7d1dd3dcb1b2e63e53061b16cc14e3

SHA256
8ef4969a56b3b1903d0d60882b85b33fcd90a7ec9034f3b74beaf5105fce499e

SHA512
c2a5bb9679265f87c624be795d67abe0a7beedc561aee1bdcbbc34a52d92fb45fbadfbdbb9817ad5199a36506dbc42a2c44aff9a6b8d3cc96be8baeb35df52c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe

Filesize
468KB

MD5
2cfa93b098835c160a8c40888e444fc8

SHA1
b2583e43fadc0fde64e1edd298db02a7afdc6748

SHA256
ade6db1e5a4558fffe0123032b473178cf1e7dfc35335b7fe6b74e25d08b53ed

SHA512
e09cb285944a209f787c2a646e4059a5e1abbfbb6ae6fe9a8624c50fb179ebb9bb37a5dd0278d3e1f2111b64cf585dd858545c03f7a587a5a35daa72f1ff7ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe

Filesize
468KB

MD5
82e98b193d56c6f239db2e2986b7038a

SHA1
5b686afa53457e2aab852eaa084ffcc2bafe6709

SHA256
2db0e6602f2413c2504a4c3de4aaf2dc77d16e67f62dcf40920198c7ad7e8d26

SHA512
d8542929cb0edc5cf9f2d26f2d6560915567e92a32d5bdb81fbbaab0ee336b3758a04ad263b91d65c148b7a3531d23ac3b2eae00434814e0b2784b6daf91f7ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe

Filesize
468KB

MD5
2d327afe51c7bd854aaaba0519e09bcb

SHA1
3968acd7a4250f238dd301d8614e39966a3d8c8b

SHA256
259acdba117742af1e56a5011487bcf1581a00c09e769490cbcedf7f60151a41

SHA512
e9719d0e0b57a1f10fa9fae1234582a9de8f289b9cb9992e015a961a01e1d69b992ab68226f2e453b5c933fda8a639cffd211ba15e2d2348fb1eefe081df0a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe

Filesize
468KB

MD5
74f79a372a430bc658ce9454ef6b7a80

SHA1
05e271fd8b7317e035b23f99279563b80173b0e6

SHA256
1d3fcec7dddf34946d8d73cf969be586d47a8f237cecdf7d7bb0d4823d1e362e

SHA512
3f3876534339848102f2a0dd2f8adee2834a58a4e09788aef9eca83febce60f3042a0b621f3092d7f5affe0fe39cbaf4b7dfb7ee5cff27437b006f6afe2b9d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe

Filesize
468KB

MD5
5f7d8709d716ce328cb63618ce6ceae4

SHA1
faaa05dbd129dd08f29a3586aedcae953031bf5f

SHA256
571afcdf7f7d0c3e5a9e13647fa5b38c435b80661652a9e57b3b8bf9754aa7aa

SHA512
ff86be54f768f5931af2c2363ba4a501d35b7db9161d4c78dc7697e6216c6f130e2855fc55d0ddb88907b9adc6c3ab903e6e6b972f3b316908a1c0bfb031c4ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe

Filesize
468KB

MD5
d040ab91db87de244910b1e4ef319757

SHA1
82a31a0aabca516c41cff577dd0136678f0addf9

SHA256
af30ac899bf6bbe8ee4325ea0d9101f7adb0c7da9b56ff38b3ce1ebd6ddcd712

SHA512
bce6bd48ccbf2fec93987f4744336bc0ccbc1054f96abd18cf7fe1bd379719244c693b264f7d78c37e0fc50afc244c236700e0d921ab2074e84a688fbaa385ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe

Filesize
468KB

MD5
a3f744f7dabb342525901153a190db13

SHA1
ba9acaa6c4e8852246cf077bf290bb902547cf64

SHA256
9addffe02af84a0649b038df2dc0bbd714324106146b64601ce7786972b6849b

SHA512
2b6c398d86e1e58773a3e0f007b875596009eee9a6fde9074bfa504bcaad4a4cc8a5c63bad149abcdd7c5888f552ff00f0012302c041786fb890b4c157920f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe

Filesize
468KB

MD5
4c6e23113d8c87649d8dea006fca73c5

SHA1
ec5792720e97a5ab4d73d40c9dc5aa63c127b823

SHA256
ec4c0e3392b329ac8f296363e0336eb92be711850c728825c417d675f161694f

SHA512
dd3f2506c4a36116eca8670a920a834b6844d7078eed4ae24ad12947bedef497092f1bd410ed4026cd1b71c10e355867ef7dab50d686d937077a13a88b9bd60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe

Filesize
468KB

MD5
54315d7a69d4e3f17ab08d92b7469324

SHA1
dfccd32614f4994f0e15ff5fae945b371186cbd1

SHA256
78f33e4c1074928dc6c6814bd8402434749203336b76398662bcfe6e40559724

SHA512
9a453c5308a297706029400ab89bd398e45be3cfb355dea2c60f081cc23f3659b9036734aba14ad5b42b6f6e13311b31296614785532cf5b9e7078bb0b85f46e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe

Filesize
468KB

MD5
ff5232f143bfaa23a10313f491e7c34d

SHA1
cda9c456eafcda37017abbf53bb4225343bf20ae

SHA256
0b417f793196260c5e6210b621d98b6dcce67f71e4453c9d56199515be33d5a9

SHA512
fc0fe2ac170176d14e8bd3a2ad763fbb23d99eb53b1fc8452c2a3c16e0643a99bde9bdc9494ad89cb4566f0bec5ee0b61ec96746b9d4dfd52d3319897c8d8061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe

Filesize
468KB

MD5
69f8dc62e06cf6bce87ab4ae2f9ffa33

SHA1
98163892434b5d5a0efb8c9b15d82176485468b9

SHA256
93784cbec3c58ffcf60ff5eece50a815029af6bfbaaffd7f04a1c10e812b4a49

SHA512
062adebef873973adbec9c37775c87cc0640158eb291ae0d5e1a51e21021de80234608bd00ace94f6ba28c3b63cc7deafe9069a08c6782ad9bc89c3a50df9790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe

Filesize
468KB

MD5
d9d57ad6c072edfa3a73fc8f3b34cf10

SHA1
62271a99f46d50534c50f5883e63f7c55ab79a45

SHA256
3e11f7447c82c9eefbf6377bcb4f108ff6bf2c56895ca76576f9e60a70598835

SHA512
244cd7097aacbb66abf4c3e4dc90e83e60cb89ed7d5d1bdc772616f412c24987e938e2dca161c47694ac2a7255442464225c3f21dd348c3984b5255c5aebb9f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe

Filesize
468KB

MD5
322547d3726e9f2a136337009cb05d7f

SHA1
c60bc209b6d84973802ca340825b21aace242e07

SHA256
a6c5de82168bd9cfdd9c96cfefb54240c7bbf43b080bd4cd9d05054d97435839

SHA512
4d25e470211a7546e50eb22e996cbf005fab8377fb2919d4e602671790c284f7db92e608fda6230840e237c7130901630f30a562619fdd3ce5d474cafe364359

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe

Filesize
468KB

MD5
0c7eabeb3f7f16ad90933fb03c67c311

SHA1
83f1cf0c0929118d0e247ee059c9eaa5a7426099

SHA256
1e2807ddef16ce6d67f7c5d7aef7b4e4c9a4a37e08f4420beaaf2e54280196cf

SHA512
0cce4595c0895db549e7433ba7099b53876f70dd4c66c7cc3f5c5d7096d3c66eeb7a3917ee246898bc1b13f76f6262c9e96e3b951a961ce3419f34b4c948ab7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe

Filesize
468KB

MD5
6f9a37e813f32db7e9949615988a5f41

SHA1
a6f5b161e86caf5915c2cdd6f983d428f5eeaab6

SHA256
44aef00222ab78d3de33ea009c90b774e1690e640e9c8d3874165356db4b6d04

SHA512
b59f9586b8ce626f9e158037c78a007f167b43dc95d79759b7f5e7b4b6de5f2a0c682345395b3d2d8b36929c0021b3da144e5838b0b7d00a815e0e21027cb7c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe

Filesize
468KB

MD5
dc84f384df8045ca85440eb53d0278b4

SHA1
6f867539eceaa901cd67381c1431c183cc2d09de

SHA256
bb23173dee85b38b34467aaf20f82e1574d39eb4da9d4a10fdf1dce29c7b8a77

SHA512
c8567d894b181ae8bb755d4cfb037fbd43ed0b067d2100823c4a693038b3943feff0c50c4d5e4406624f86f1ab5a31ee87cdcb4852d6e62e2d23f17fd1860d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe

Filesize
468KB

MD5
ad5b2e2c8ecd3481aeb8759f20db8449

SHA1
18e6005b3511902d5f422e55a0754c32996a8066

SHA256
5a1806662e7ad25805e523953078a91d24f14719fd7627452d018be3d9080fab

SHA512
55e3da562a73a66c73cfca253d99474e4c032fcb57717da6265891171cb5c810a50f22e1cee402bdcf890fce833cb1b9c9767c6e8ed1c302302493315bddd6dc

Download Submit
memory/432-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/552-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/556-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/668-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/700-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/920-156-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1036-147-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1068-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1092-73-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1164-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1192-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1228-221-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1400-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1408-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-116-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1512-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1608-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1764-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1836-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2020-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2088-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2140-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2168-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2204-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2288-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2356-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2456-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2516-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2520-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2612-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2648-138-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2700-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2720-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2744-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3260-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3296-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3336-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3456-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3496-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3560-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3600-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3608-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3620-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3632-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3844-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3908-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3924-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3996-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4008-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4044-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4124-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4192-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4244-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4348-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4428-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4464-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4648-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4808-137-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4816-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4888-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4948-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4952-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5000-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-49-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5016-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5028-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5108-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5136-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5156-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-450-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5252-454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5304-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5360-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5432-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5472-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5480-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5496-497-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5548-523-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5560-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5644-563-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5676-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5708-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5724-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5836-574-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5852-551-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5904-564-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5940-573-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15448-2614-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15672-2608-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads