00566e8302cfa6d8e437f1a39da3e11edd89ed7fbba158908ffb9d079881a522

Analysis

max time kernel
117s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd1f8b8d580ca46966f2f2133fdb6f10N.exe
Size

184KB
MD5

fd1f8b8d580ca46966f2f2133fdb6f10
SHA1

a33c42efd0b03762bb2cd2faec628c52a4541a4a
SHA256

00566e8302cfa6d8e437f1a39da3e11edd89ed7fbba158908ffb9d079881a522
SHA512

c889095de7ef71bb6e9e383565499d288c8c9875c3dccdbd1555696469096892d80af329b340fabd517a20177f3b7b9853f3785df0c1f02d50e2d06c685a26bd
SSDEEP

3072:FkAq28onNiIV5QDZWiLn8sxCDDvnqnciuQ:FkjoXfQDD8sCDDPqnciu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4420	Unicorn-11199.exe
2948	Unicorn-4095.exe
3728	Unicorn-48890.exe
1560	Unicorn-60883.exe
3180	Unicorn-55704.exe
1888	Unicorn-35838.exe
2484	Unicorn-48505.exe
2952	Unicorn-48408.exe
4012	Unicorn-27473.exe
2332	Unicorn-47147.exe
1268	Unicorn-25749.exe
3668	Unicorn-12014.exe
4564	Unicorn-6041.exe
1496	Unicorn-31889.exe
4296	Unicorn-31889.exe
4972	Unicorn-51864.exe
4436	Unicorn-23830.exe
5092	Unicorn-43696.exe
316	Unicorn-3824.exe
4480	Unicorn-9111.exe
4960	Unicorn-62951.exe
2792	Unicorn-17280.exe
2340	Unicorn-24571.exe
4892	Unicorn-7472.exe
3992	Unicorn-32474.exe
784	Unicorn-26608.exe
4068	Unicorn-61000.exe
5096	Unicorn-11607.exe
440	Unicorn-4408.exe
1400	Unicorn-2022.exe
2864	Unicorn-37347.exe
2968	Unicorn-5359.exe
3836	Unicorn-14103.exe
4092	Unicorn-13034.exe
2000	Unicorn-58514.exe
4872	Unicorn-12577.exe
4752	Unicorn-6712.exe
5056	Unicorn-17673.exe
5012	Unicorn-20051.exe
3940	Unicorn-59007.exe
1144	Unicorn-29480.exe
2140	Unicorn-29480.exe
3416	Unicorn-60506.exe
4920	Unicorn-20435.exe
3644	Unicorn-36771.exe
2896	Unicorn-16905.exe
2832	Unicorn-36771.exe
4396	Unicorn-47570.exe
2024	Unicorn-11135.exe
4360	Unicorn-12296.exe
2608	Unicorn-18161.exe
2644	Unicorn-43238.exe
4328	Unicorn-2593.exe
1792	Unicorn-13714.exe
3504	Unicorn-1825.exe
4104	Unicorn-21691.exe
1172	Unicorn-5079.exe
2628	Unicorn-5079.exe
3320	Unicorn-62448.exe
968	Unicorn-673.exe
2940	Unicorn-34990.exe
4460	Unicorn-54856.exe
4776	Unicorn-29283.exe
4904	Unicorn-9120.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
5288	4752	WerFault.exe	130
5976	4612	WerFault.exe	161
5952	1760	WerFault.exe	162
6052	3032	WerFault.exe	160
5548	5516	WerFault.exe	189
7900	6012	WerFault.exe	231

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46198.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8936	Process not Found
Token: SeChangeNotifyPrivilege	8936	Process not Found
Token: 33	8936	Process not Found
Token: SeIncBasePriorityPrivilege	8936	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe
4420	Unicorn-11199.exe
2948	Unicorn-4095.exe
3728	Unicorn-48890.exe
1560	Unicorn-60883.exe
3180	Unicorn-55704.exe
2484	Unicorn-48505.exe
1888	Unicorn-35838.exe
2952	Unicorn-48408.exe
4012	Unicorn-27473.exe
2332	Unicorn-47147.exe
3668	Unicorn-12014.exe
4564	Unicorn-6041.exe
1268	Unicorn-25749.exe
4296	Unicorn-31889.exe
1496	Unicorn-31889.exe
4972	Unicorn-51864.exe
5092	Unicorn-43696.exe
4436	Unicorn-23830.exe
316	Unicorn-3824.exe
4480	Unicorn-9111.exe
2340	Unicorn-24571.exe
4892	Unicorn-7472.exe
2792	Unicorn-17280.exe
3992	Unicorn-32474.exe
4960	Unicorn-62951.exe
784	Unicorn-26608.exe
4068	Unicorn-61000.exe
5096	Unicorn-11607.exe
440	Unicorn-4408.exe
1400	Unicorn-2022.exe
2968	Unicorn-5359.exe
2864	Unicorn-37347.exe
3836	Unicorn-14103.exe
4092	Unicorn-13034.exe
2000	Unicorn-58514.exe
4752	Unicorn-6712.exe
4872	Unicorn-12577.exe
5056	Unicorn-17673.exe
5012	Unicorn-20051.exe
3940	Unicorn-59007.exe
1144	Unicorn-29480.exe
3416	Unicorn-60506.exe
2140	Unicorn-29480.exe
3644	Unicorn-36771.exe
2896	Unicorn-16905.exe
4396	Unicorn-47570.exe
2832	Unicorn-36771.exe
2644	Unicorn-43238.exe
4360	Unicorn-12296.exe
2608	Unicorn-18161.exe
2024	Unicorn-11135.exe
4920	Unicorn-20435.exe
4328	Unicorn-2593.exe
1792	Unicorn-13714.exe
3504	Unicorn-1825.exe
4104	Unicorn-21691.exe
3320	Unicorn-62448.exe
2628	Unicorn-5079.exe
1172	Unicorn-5079.exe
968	Unicorn-673.exe
2940	Unicorn-34990.exe
4776	Unicorn-29283.exe
4460	Unicorn-54856.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 4420	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	89
PID 5076 wrote to memory of 4420	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	89
PID 5076 wrote to memory of 4420	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	89
PID 4420 wrote to memory of 2948	4420	Unicorn-11199.exe	92
PID 4420 wrote to memory of 2948	4420	Unicorn-11199.exe	92
PID 4420 wrote to memory of 2948	4420	Unicorn-11199.exe	92
PID 5076 wrote to memory of 3728	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	93
PID 5076 wrote to memory of 3728	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	93
PID 5076 wrote to memory of 3728	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	93
PID 2948 wrote to memory of 1560	2948	Unicorn-4095.exe	95
PID 2948 wrote to memory of 1560	2948	Unicorn-4095.exe	95
PID 2948 wrote to memory of 1560	2948	Unicorn-4095.exe	95
PID 3728 wrote to memory of 3180	3728	Unicorn-48890.exe	96
PID 3728 wrote to memory of 3180	3728	Unicorn-48890.exe	96
PID 3728 wrote to memory of 3180	3728	Unicorn-48890.exe	96
PID 4420 wrote to memory of 1888	4420	Unicorn-11199.exe	97
PID 4420 wrote to memory of 1888	4420	Unicorn-11199.exe	97
PID 4420 wrote to memory of 1888	4420	Unicorn-11199.exe	97
PID 5076 wrote to memory of 2484	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	98
PID 5076 wrote to memory of 2484	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	98
PID 5076 wrote to memory of 2484	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	98
PID 1560 wrote to memory of 2952	1560	Unicorn-60883.exe	101
PID 1560 wrote to memory of 2952	1560	Unicorn-60883.exe	101
PID 1560 wrote to memory of 2952	1560	Unicorn-60883.exe	101
PID 2948 wrote to memory of 4012	2948	Unicorn-4095.exe	102
PID 2948 wrote to memory of 4012	2948	Unicorn-4095.exe	102
PID 2948 wrote to memory of 4012	2948	Unicorn-4095.exe	102
PID 1888 wrote to memory of 2332	1888	Unicorn-35838.exe	103
PID 1888 wrote to memory of 2332	1888	Unicorn-35838.exe	103
PID 1888 wrote to memory of 2332	1888	Unicorn-35838.exe	103
PID 4420 wrote to memory of 1268	4420	Unicorn-11199.exe	104
PID 4420 wrote to memory of 1268	4420	Unicorn-11199.exe	104
PID 4420 wrote to memory of 1268	4420	Unicorn-11199.exe	104
PID 3728 wrote to memory of 3668	3728	Unicorn-48890.exe	105
PID 3728 wrote to memory of 3668	3728	Unicorn-48890.exe	105
PID 3728 wrote to memory of 3668	3728	Unicorn-48890.exe	105
PID 5076 wrote to memory of 4564	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	106
PID 5076 wrote to memory of 4564	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	106
PID 5076 wrote to memory of 4564	5076	fd1f8b8d580ca46966f2f2133fdb6f10N.exe	106
PID 3180 wrote to memory of 4296	3180	Unicorn-55704.exe	107
PID 3180 wrote to memory of 4296	3180	Unicorn-55704.exe	107
PID 3180 wrote to memory of 4296	3180	Unicorn-55704.exe	107
PID 2484 wrote to memory of 1496	2484	Unicorn-48505.exe	108
PID 2484 wrote to memory of 1496	2484	Unicorn-48505.exe	108
PID 2484 wrote to memory of 1496	2484	Unicorn-48505.exe	108
PID 2952 wrote to memory of 4972	2952	Unicorn-48408.exe	109
PID 2952 wrote to memory of 4972	2952	Unicorn-48408.exe	109
PID 2952 wrote to memory of 4972	2952	Unicorn-48408.exe	109
PID 1560 wrote to memory of 4436	1560	Unicorn-60883.exe	110
PID 1560 wrote to memory of 4436	1560	Unicorn-60883.exe	110
PID 1560 wrote to memory of 4436	1560	Unicorn-60883.exe	110
PID 4012 wrote to memory of 5092	4012	Unicorn-27473.exe	111
PID 4012 wrote to memory of 5092	4012	Unicorn-27473.exe	111
PID 4012 wrote to memory of 5092	4012	Unicorn-27473.exe	111
PID 2948 wrote to memory of 316	2948	Unicorn-4095.exe	112
PID 2948 wrote to memory of 316	2948	Unicorn-4095.exe	112
PID 2948 wrote to memory of 316	2948	Unicorn-4095.exe	112
PID 2332 wrote to memory of 4480	2332	Unicorn-47147.exe	113
PID 2332 wrote to memory of 4480	2332	Unicorn-47147.exe	113
PID 2332 wrote to memory of 4480	2332	Unicorn-47147.exe	113
PID 1888 wrote to memory of 4960	1888	Unicorn-35838.exe	114
PID 1888 wrote to memory of 4960	1888	Unicorn-35838.exe	114
PID 1888 wrote to memory of 4960	1888	Unicorn-35838.exe	114
PID 1268 wrote to memory of 2792	1268	Unicorn-25749.exe	115

C:\Users\Admin\AppData\Local\Temp\fd1f8b8d580ca46966f2f2133fdb6f10N.exe
"C:\Users\Admin\AppData\Local\Temp\fd1f8b8d580ca46966f2f2133fdb6f10N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23715.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        10⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        10⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        10⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        10⤵
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47690.exe
        9⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        10⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        10⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        9⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        9⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        9⤵
        
        PID:18360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
        10⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
        10⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        10⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        10⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        9⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        9⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        9⤵
        
        PID:17368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
        9⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
        8⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        8⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        8⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        9⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        10⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47351.exe
        10⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        10⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        9⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        9⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        9⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        8⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        8⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        8⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        8⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
        8⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4605.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        7⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        7⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        8⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        9⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        10⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14697.exe
        10⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        9⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
        9⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        9⤵
        
        PID:18116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        8⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        9⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        8⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        8⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        8⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        8⤵
        
        PID:18072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        8⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46386.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        7⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        6⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        8⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55518.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        8⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        7⤵
        
        PID:16520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        7⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23584.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        7⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        6⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        6⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        6⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
        8⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        9⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        9⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        9⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        8⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe
        8⤵
        
        PID:17568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
        8⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        9⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
        9⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        9⤵
        
        PID:17860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        9⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        8⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        8⤵
        
        PID:17796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        7⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        6⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54159.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55639.exe
        8⤵
        
        PID:17536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10606.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        7⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        7⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5410.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        7⤵
        
        PID:18352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        6⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 640
        6⤵
        Program crash
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63719.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        8⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
        8⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        8⤵
        
        PID:18272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        7⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        7⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        6⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        5⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
        6⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        5⤵
        
        PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        5⤵
        
        PID:16980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        9⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40747.exe
        10⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        10⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
        10⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        9⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        9⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        9⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38649.exe
        8⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        8⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
        8⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        8⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        7⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        8⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        8⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        8⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        7⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        7⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
        7⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        7⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
        6⤵
        
        PID:18188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 492
        7⤵
        Program crash
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28945.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43648.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        7⤵
        
        PID:17424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        7⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        6⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
        6⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        5⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        6⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 636
        7⤵
        Program crash
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
        6⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        5⤵
        
        PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 488
        7⤵
        Program crash
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        7⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32805.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        6⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
        5⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
        8⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59144.exe
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        7⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49286.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        7⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        6⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        6⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        6⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        6⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
        6⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
        6⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
        5⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37792.exe
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
        5⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        5⤵
        
        PID:17176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        5⤵
        
        PID:3032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 488
        6⤵
        Program crash
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        6⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        5⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        5⤵
        
        PID:17568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
      4⤵
      PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        6⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        7⤵
        
        PID:14304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        6⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        6⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55518.exe
        5⤵
        
        PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
      4⤵
      PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17825.exe
      4⤵
      PID:17104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
      4⤵
      PID:3152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        9⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        9⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        9⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
        8⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        8⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
        8⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        7⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        7⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        7⤵
        
        PID:17616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
        7⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
        9⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
        9⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58985.exe
        9⤵
        
        PID:18232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        8⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        8⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        8⤵
        
        PID:16548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6313.exe
        8⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
        7⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        7⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58586.exe
        7⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40970.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
        6⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        6⤵
        
        PID:18028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        8⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65009.exe
        8⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        7⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        7⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        7⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        6⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        6⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        6⤵
        
        PID:17512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        6⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        8⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34233.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        6⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
        6⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28552.exe
        8⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        8⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        7⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
        6⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        7⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11969.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        7⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        6⤵
        
        PID:17544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        6⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
        8⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59144.exe
        8⤵
        
        PID:18160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        7⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        7⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        6⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        6⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        6⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58985.exe
        6⤵
        
        PID:18216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        6⤵
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
        5⤵
        
        PID:14160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19058.exe
        5⤵
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        5⤵
        
        PID:18228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12296.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
        7⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        6⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44383.exe
        6⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
        6⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        6⤵
        
        PID:17880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        5⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57430.exe
        5⤵
        
        PID:14852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        5⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        5⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        5⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        5⤵
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      4⤵
      PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56320.exe
      4⤵
      PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
      4⤵
      PID:16784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        6⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        7⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        8⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        8⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        7⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        7⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        7⤵
        
        PID:17052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
        6⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        6⤵
        
        PID:17472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        6⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
        7⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        7⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        6⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe
        6⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
        5⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        6⤵
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        5⤵
        
        PID:13828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
        6⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        7⤵
        
        PID:18236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59144.exe
        7⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7733.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        6⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        6⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        6⤵
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        5⤵
        
        PID:644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
      4⤵
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        5⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6032.exe
        5⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
        5⤵
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
      4⤵
      PID:13980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
      4⤵
      PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
        7⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        7⤵
        
        PID:17552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        7⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        5⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        5⤵
        
        PID:520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        5⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        6⤵
        
        PID:18144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        6⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        5⤵
        
        PID:17488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
      4⤵
      PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
      4⤵
      PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3346.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        5⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
        6⤵
        
        PID:17440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        6⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        5⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
        5⤵
        
        PID:18416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
      4⤵
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22411.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        5⤵
        
        PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe
        5⤵
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
      4⤵
      PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
      4⤵
      PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
      4⤵
      PID:17540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        5⤵
        
        PID:14056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
      4⤵
      PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
      4⤵
      PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
      4⤵
      PID:5488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
      4⤵
      PID:18032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3821.exe
    3⤵
    PID:8876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
    3⤵
    PID:3160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
        8⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        9⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        9⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        8⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        8⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52063.exe
        8⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        8⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        7⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
        7⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60886.exe
        7⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        7⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        7⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        7⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
        6⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
        6⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18286.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        8⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
        8⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        7⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        7⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        6⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        7⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        6⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
        5⤵
        
        PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
        5⤵
        
        PID:18368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4408.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
        7⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        7⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57439.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        7⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        7⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        7⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        6⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        7⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        7⤵
        
        PID:17528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        6⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        6⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47571.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        6⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        6⤵
        
        PID:16912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        6⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30880.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        5⤵
        
        PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9966.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        6⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        5⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
        5⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        5⤵
        
        PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        5⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
      4⤵
      PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
      4⤵
      PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
      4⤵
      PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
      4⤵
      PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
        6⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
        8⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        8⤵
        
        PID:17572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        7⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        7⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        7⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        6⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        7⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        7⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        7⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        6⤵
        
        PID:16556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
        6⤵
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59209.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30262.exe
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        5⤵
        
        PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        6⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        6⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
        6⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        6⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38182.exe
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        6⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24637.exe
        5⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        5⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        5⤵
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14704.exe
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        7⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        7⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
        6⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        6⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        5⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        5⤵
        
        PID:16804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        5⤵
        
        PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
      4⤵
      PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
      4⤵
      PID:14820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        6⤵
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
        6⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
        6⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54208.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        6⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        6⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        6⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        5⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        5⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        5⤵
        
        PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
      4⤵
      PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        5⤵
        
        PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
      4⤵
      PID:11636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44350.exe
      4⤵
      PID:15852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30673.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        5⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        5⤵
        
        PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
      4⤵
      PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      4⤵
      PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
      4⤵
      PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
      4⤵
      PID:18156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
      4⤵
      PID:5940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
    3⤵
    PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
      4⤵
      PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        5⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        5⤵
        
        PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
      4⤵
      PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
      4⤵
      PID:12980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
      4⤵
      PID:17144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe
    3⤵
    PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
      4⤵
      PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:18128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
    3⤵
    PID:864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        6⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        8⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        7⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51514.exe
        5⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        6⤵
        
        PID:17584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        6⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        8⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
        8⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        7⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        7⤵
        
        PID:16752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        6⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
        6⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        6⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
        5⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        5⤵
        
        PID:17636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45355.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
        6⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
        6⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        5⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
      4⤵
      PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        5⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        5⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
        5⤵
        
        PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
      4⤵
      PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
      4⤵
      PID:13900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
      4⤵
      PID:17432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3170.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        6⤵
        
        PID:18428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        5⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60930.exe
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
      4⤵
      PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:18428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43051.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        5⤵
        
        PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
      4⤵
      PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65398.exe
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
      4⤵
      PID:16788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
    3⤵
    PID:7040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
    3⤵
    PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe
    3⤵
    PID:14084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
    3⤵
    PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
    3⤵
    PID:5848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        6⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        7⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        7⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        7⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
        6⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        5⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64455.exe
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        5⤵
        
        PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        6⤵
        
        PID:18216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9966.exe
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        5⤵
        
        PID:18384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
      4⤵
      PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
      4⤵
      PID:9732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
      4⤵
      PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
      4⤵
      PID:17556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
    3⤵
    - Executes dropped EXE
    PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49387.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        6⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        6⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        6⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        5⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
        5⤵
        
        PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31358.exe
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
      4⤵
      PID:15192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
      4⤵
      PID:744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
      4⤵
      PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
      4⤵
      PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
      4⤵
      PID:18156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
    3⤵
    PID:8448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
    3⤵
    PID:12740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
    3⤵
    PID:16816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
    3⤵
    PID:18228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
    3⤵
    PID:17744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7472.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7472.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
        5⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        6⤵
        
        PID:11860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        6⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2501.exe
        6⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
        6⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
      4⤵
      PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
      4⤵
      PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
      4⤵
      PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
      4⤵
      PID:18372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
      4⤵
      PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
      4⤵
      PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
    3⤵
    PID:5516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 632
      4⤵
      Program crash
      PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
    3⤵
    PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
      4⤵
      PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
      4⤵
      PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
      4⤵
      PID:18136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
      4⤵
      PID:5308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
    3⤵
    PID:10788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
    3⤵
    PID:16996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
    3⤵
    PID:1332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
    3⤵
    PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
      4⤵
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        5⤵
        
        PID:15940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        5⤵
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
      4⤵
      PID:13260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
      4⤵
      PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
      4⤵
      PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
      4⤵
      PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
    3⤵
    PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
      4⤵
      PID:16868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
    3⤵
    PID:9648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
    3⤵
    PID:13740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
    3⤵
    PID:17496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45984.exe
  2⤵
  PID:5524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
    3⤵
    PID:3264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
    3⤵
    PID:11344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
    3⤵
    PID:15528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
    3⤵
    PID:2620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
  2⤵
  PID:7012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
    3⤵
    PID:9848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
    3⤵
    PID:13368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
    3⤵
    PID:17088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
  2⤵
  PID:6360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33654.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33654.exe
  2⤵
  PID:14128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
  2⤵
  PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4752 -ip 4752
1⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1760 -ip 1760
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3032 -ip 3032
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4612 -ip 4612
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5516 -ip 5516
1⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6012 -ip 6012
1⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 17124 -ip 17124
1⤵
PID:1736

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe

Filesize
184KB

MD5
5298782ca8ba22bbbeb4b658de71bc75

SHA1
1eadae496ec92243a9907e5e619fde31183f9940

SHA256
e19079955d443b8d260fb40601adb59db336962bc2de6f90ca47f912365c40ed

SHA512
b6e301184aeddeb69f9ff336b7f15deed2631c84bf17ed2bba2bda5a03efa22c353ad895c7e62589be8426231631795b6207c0d05d7a3bccaf9fca3016c60f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe

Filesize
184KB

MD5
aa3e446c87e7d2436127266059b57982

SHA1
a81ccf217fb3ca040372880edfeb5172595bc09e

SHA256
07ecb331aeab49f6a6b01c5f4c765ef4f89862d7c3dee89ca1266e39b0120eae

SHA512
2840abf596b0886e346bd5b6e699bfc65871759cac318129f314f3e683f48c39d5782d34b7793908cba5f15c55853e74eea6fefa44268f242583ec7c99a9b303

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe

Filesize
184KB

MD5
e52e60a81513c38cb6a1a31e5e5074df

SHA1
7c8a64fbe4d74f1b6aa3c067c09f5f2f290df581

SHA256
7bc904d29ce2877adbfa20086da1b623360a10b7ba96d35535cc4cd8d7a20cbc

SHA512
0edea50bd16b67683cc00bce14da5a3e749dccdff46c7491ad5ace6d725fdb00a0e8581b6049f7c5c3bdb86b305d2113d7a64deaccce27d3ce3f0db7e7f3fb1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe

Filesize
184KB

MD5
2660e29c26a5f78bb11dfaf1a9cbbe2d

SHA1
26907eae420f7482c23b96de8252ff5b97661822

SHA256
70b52cbbb37a1c56deb3e28fa2fc50267bb02ec6109bd7c9382565dd984cb706

SHA512
1564d41ec9b174415645b5a2254305512ff9f5d305fa937ce66c4e2e9ba1acc110a14ba7f3dd925f08956080a411a209f7eacde90b3b54b4540adc8c47e411e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe

Filesize
184KB

MD5
100f8d36ded0fcb6f83d9a1fe3966409

SHA1
f7595b3e354a51e6e503fa7eacfd8a8a4b6a5e22

SHA256
a175a4c734774ad9511485070ae98fae8580eee04b5abad755af1940a93b534a

SHA512
cf90d26d43c573771ccb407da2344465d6087f2b4c680a7708c6402bafa7f5adf4db19d14d3dfa81eb5154ca651d4da950f6a1a92327bdece426df57958781ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe

Filesize
184KB

MD5
df82d8d272faf69b36e06673d83f7f93

SHA1
ebc6f66546c1bc7cc995d8bd6d5d9c8a010cb6b8

SHA256
b657c393be6c667c8f9857f6a957ef46f4d9880a8e1bf27093161e12708dd95b

SHA512
cc0b51d02c579ed8c6a589b996e8e48514ff4769b854d7de0a0ed909af2a569dd32535f4bb7663a6b23a59f479c87a6af6ffec4c478c3911395e578a75d32f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe

Filesize
184KB

MD5
8518a6b1a52076626f5a95a0f7f3a4db

SHA1
8d237b0859237a5fa20abcba80b583b7d9f2b825

SHA256
e45a1f92ee2d39cb23bba5e1c5d5a6a3f961e689f7607872e4b4f38bacf04f30

SHA512
c46bc74da1bac3eea8165c448b9cae3550cc659a5f9bacd3a8f11e8a3422898dac5fb7b09ac36b07d36a50c22af73df3d5666119cb569b29abcd4cd9ae50e332

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe

Filesize
184KB

MD5
4a95796763ea678c18d59df20f6f117c

SHA1
e1cd10539adb3debe0934e66253a5b79a49180d3

SHA256
27363acc919247b6681151212dfba6cfc4b7abd03dea1edc5cd0d08459582a30

SHA512
b2c70a4bdda0c698144dd9a62d0d2c827828b60df496bbba00444c312d4defc0b1ba79a3f41e17f47b56d099a1aac84c6e4ab2d212957337d6a40510aed9af85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe

Filesize
184KB

MD5
69048d6c292acc5385ce8417d1fdf04c

SHA1
5e82a758abeea832497495664d879a7bcefb9f72

SHA256
799eab5e28d8d7cab402c0b6bd5683959c9335e6394c087d767e54ed8525473b

SHA512
49382d4cda95afa5ef51ec4b5e067ca80b0371cf9c4e4eb625da01d92d20af2236bf17a432dbc52dd6c503375221f7a989b307279ad4b454d032efe06ffbf272

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe

Filesize
184KB

MD5
d7d8c1d13809cbde9f85ecb278a0d490

SHA1
3c903505e640c4c1ebf7bd0dba12c04357bc9ff2

SHA256
615102bab6aa9808753fda1645dca06bced07eb93fc00e48e28a363a8629d5ad

SHA512
6ab7246028709b89c47d212b678daa18d19423c3ca16c351ac3097dfc263f15a3638ddbf2c9444f836636a5dc85346fc7647f29a461ef849715fa75f85041363

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe

Filesize
184KB

MD5
022786c0a9a7be58e1600ab70f98547e

SHA1
fdf18d5091ab79729fe11c07cf6bd0e35d316cae

SHA256
1ee5b5be04a5797dc00347ecbfbef93029353f7119554e2c61fce0831ad14306

SHA512
11bd8135fd2e57b2b7ecb63dd6e9d600cda363a758cc29edc4a2ab3fe7069fe83a6a88c2fb72e1563f286c086fff81e4a9e56c30cabf06561be2b5506b9837b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe

Filesize
184KB

MD5
ec9152bd4891a35517c25b74b73bd007

SHA1
baabb1d20d3802903ce154f574abf2106999bf6c

SHA256
b573cadc9573a3cde4d63cf24e0468518b52e75378a26618da579ffa660c5393

SHA512
0eda21972c404a2aac7c5e1d0ba6887f8f870bf33372b3b0a5f588bd334638b2496e9860d2abfb2215e52a93f7d098432d32d6968cd0813a002fd797b5105119

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30673.exe

Filesize
184KB

MD5
2d64273caf2fbffd2adef0b4669b769f

SHA1
a0028f41a171283bfa10872374c6178190cfe128

SHA256
d11202d784c4ed853b75268a474f6514a3bd2f90fbe72473772ce17bb330be8d

SHA512
e652e40f5d8a1e8b6de9cd65643456940b01b084517733402469acb9e664c2177e29e04f8375d9083602458a1a1d69e31d85c92aa81080d19cd6c9c8121fb69b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe

Filesize
184KB

MD5
25829ac9dfba74bc0ee254a43f940c42

SHA1
8fd411245b88b79dc62bee2db9fd8cfd5bc603fc

SHA256
41fbf3f509ddea0be7d83eaf67163f9b24e848044e6b905f6afd334aba44664f

SHA512
9d0a467bbfc79f4763f5e8eba62f8524d14ebb691f221b956e3e8fda960a3f428640c5d40fc658bc003655b7c3aeafe5468c73b8edc932e55c37fdfca31bb8f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe

Filesize
184KB

MD5
3ac68eeab084f13856cff185bc2c62a9

SHA1
065c2bf05853b86671b93033b9159ad0bbf4f08e

SHA256
4a5f22bae9a911876c30bbd9cc70a8120b4908a0d461042b94bf364be4156841

SHA512
a33c9dfb60108bea7638816219e459c8e0e5cdf9fab8bf0b3159753a517dd9cd9d1afe39df89e70f0615288cfccbe61748584b12679f267da88e3de996bb4f16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe

Filesize
184KB

MD5
d02b4747c634174c07543025b6d8d308

SHA1
00a35725c4152b315b3922ff0b45ea61e2455cf3

SHA256
4eb4f0110a46b149fdf2dfe845a01c1e4e1e3477856aec4724b47fc7e5ec9136

SHA512
7a03361fec8141c75947510bad181c8a29b4b30cdc7c11c70f14e943584ef4c287d52cbcf81fe828d03fa8bd0dec0354c1f97b8ce35d11b4fd0f112b51960961

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3824.exe

Filesize
184KB

MD5
b1dd426804ad8f0df107d1de32e84430

SHA1
68f4a2f8f135584eda8aa7112970ea4e250f99b7

SHA256
993b74747f72bbd0c39c6a5de8a9afbfcc53ac4ff93d6c5ca1d36c1261c8bb50

SHA512
c9db0ecff842cf78096a499b1cdc20c65bd65fd51388d179b2e116f21a4038ee217669f4e2b32263641ec94638551076f9ee8de684c32f67ce64a84f2793556c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe

Filesize
184KB

MD5
a8b4181ed8319e04ba023464fe5ed8f0

SHA1
98c5b8d6a16fa45c1bd9f51543e8b94350f9f4e3

SHA256
8c2e54d4432b828f68c3d0ca5f11a55fcb9f32dd1c92e9efc34fb809e52eca7f

SHA512
8596481392d6793055e7be892a3288b71ed772e9f65dc045f6b14995b64d58042c998f84960efa1b8f032ecc48b9269cd444ef4ddf4eacc5ca6636402a17a87c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe

Filesize
184KB

MD5
ff97e37b7f8e2e70cbf0764d2b14e1c0

SHA1
f650ee56696378fb66a641e077ef6a0e740d6af2

SHA256
cb1c899ceb1ec120339bad58fa43dea03a6c20c983010fd3cb9200ecfd443189

SHA512
2b06cab6bb79be15307bcdc005cc5bc81ee7d9668c1c3ae345342ca21e53d7545304e611bd7c1ef4780ea841dbb77cbeef18c0a90a0424a62cd9abbad73fdc0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4408.exe

Filesize
184KB

MD5
543dad32ce9203b8c267f3e5a54c3926

SHA1
86aee30b0e2263cf3134de4dd17d8cf3be721a74

SHA256
7ae80e9e91198acc6f26904cdf9031ed16ceed0aafb060270718e9aceb321c23

SHA512
232cc01582f845100ef0e7a3b1bc942249957839b869cd868b9173185e3ee98b0e5131f1bb83ea47d70007b57d8903fe183668d1328f613055c6a5807e54c586

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe

Filesize
184KB

MD5
6a3d1f418d36865cd515330d97bc4ab1

SHA1
dfd3e5b3bc40b4864f6da3c293c582ac2b20b173

SHA256
c86f8384b75c99deb37b8e3970c41bff5d07113737b7923305b103b7deb2ce9c

SHA512
4f00b214a6b9278f523d4f470c3b2241180702594392b022b3488eda01d2da6f4f31e24710965ee30d423f67c31ce788723f49b9b0e06d72c003c8dc1ecb406b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe

Filesize
184KB

MD5
a54a705ed9caeedb4394015bb8e8672e

SHA1
79cad7e47d761a7a06f6d2043e616ba5cc899c4d

SHA256
4786627825b6350efe476ea59fe98c2a2e6ac8b1d7e0210e420c0c24c1d4054d

SHA512
d396f88602f417effd7f6a8d5a6b925a69333d38bdd500f43cd5e3786357c0c98c5df7c33635352df8039dcba94e52dd25cb45dc6ccd9c51f2455c430a964691

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe

Filesize
184KB

MD5
44395f57c291bbfdb4209a9eba912bb5

SHA1
2e1dda39f121bc2a46052978e028b6cb2c9fcb50

SHA256
a133c2287a27d85c5311a0ca7a2a0eb078ac2aed3cb007b7086af3d3ba14a780

SHA512
f881f72a7db47bbc6412d735ff4256877477ca7105a4b468276fe5dc10b376f27d59d656c0383480bf990ad423304567952e084f8f38358ca81cc2a6de58afb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe

Filesize
184KB

MD5
6005fd81d05a2faaa8f6cef58c009d5f

SHA1
02628f90d7929706e63ac5c31562a154376963c3

SHA256
6f099accafd7fa6525761aa10ef1698a29a48ec2806d2851515cef7a28518481

SHA512
6a05d111135f93233f1729d32ecfc1b527663ea41796dd6ac8a09d11a52a22f7d0b759d053723301ecb17c1ef8267708d1de178921768d76bd078313b8a87fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe

Filesize
184KB

MD5
58904630ac35ee7ddc24cc31ee51bf26

SHA1
c07d5f87100dff20ae1a99f7a5478bbb46e6c8e6

SHA256
50a61394c711c448e7277ee2e06abf60cd5033f27b1906c64c3446f34fb1d47f

SHA512
abf9a6ab884bac008f574064a5bd25b1f2a19bf9e931ce8ff4680488a52d476e0df66155c1b6230b5a50d7311e894d114adfefd22464b1eb20ee9b94d6f99b79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe

Filesize
184KB

MD5
e55d5a42e2b934bd60279c0297473ab2

SHA1
5d17161ed2ca97c4c50f688bdcb554f2b91a636a

SHA256
50969902e6d05c16a9f0e5d314edaef46bfdcb7743ba3175438b16921a65db7f

SHA512
4cf57c28da124b8a0198be841a2f74a56c9424a1268ee78f75cff05c66b148610c0012d97e413e15402ea6d914ec9a98517063798fc8266d4a4921f80fd2b2e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe

Filesize
184KB

MD5
2cac730f2a8d20c89918c4424ec469f6

SHA1
a34428035787ab5a7fd50beff0275ab6d8f56bcc

SHA256
349e1527a7fff5c2096045cb417c5c526288edf8ff5e566b0333e6910a8854f2

SHA512
d6556595ca21aadfe3868ec595d404cc9a7254badef37035c4b788013a6231051db4fa0f3eb72fd76064405d1dac169e8a472fe2c7e8dcc477b23f360d53ec9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe

Filesize
184KB

MD5
6f4038d8fc84283c0ee7b1b8a601b26f

SHA1
2844e8add12c4d365edb18b348fad2c830093aca

SHA256
1ea67e8877a5cf03ba0dcf7d4414cf3c583f23ca1630f4893481e903f9a02233

SHA512
396f8fe65bf4a61bdc378a81df3d178ba0a4b998497857b077821d7cebc7f05e1322d31aa7c0c9e4715ddd46aa1e8b614ef85fb9f8947dc4daee2d93fb0b7df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe

Filesize
184KB

MD5
ae4d039589b5b0b47f84f9a63e637903

SHA1
13753d145941174a5e9f712abda98e12e94ac6df

SHA256
619e17b71f7cbe1b70af632a6209bb170e48137ef054bbe801d6227e77421003

SHA512
57319ea5c41fb17e381369cbd35286d6ef51feb08a6f9f828225179a89d43f26a6274232160ef7cce953606851b4cd721ff17dcdfcd5d9933582f92cd0683be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe

Filesize
184KB

MD5
c760cd86d057b3e67e78bfdbf2751c82

SHA1
3faa0949921fce82ae9966d6379ddc8c055a3069

SHA256
96e40532d6044107406fca4452251ae0c5183407d371f43b35a91eda0693f8e4

SHA512
57a03721cacbe53de08dbc0d57fcff6be4fb53cba7def5e77f443c90d559a01b0216eb7e2d4dde441a8b548c2832cae120b901599e2c7615b5dfd175f67bb945

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61000.exe

Filesize
184KB

MD5
4ffb2d230ffbef16725945f339790c4d

SHA1
fc550606f1033c9aa1ee2dd29149eaec062cab9a

SHA256
30be8af974a652de203c81cadaa74f7bd6dc80afba0d5702567032ad43213601

SHA512
d51db3a213fea129d8eb68aff33d68b4258bf89233e5e6eb37a9810b7391e930500da1b7e45ba7fa74b301970526917bd6d554277c2a59246c016f211070535e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe

Filesize
184KB

MD5
c10431634b0f0a3dccfdca87e1421bfc

SHA1
a923fb07beafdd82f3e5bc52bb6a75bd3e21ce92

SHA256
870e01aff83e1a4dbe8de919daed416b92cfc0d8613c16e3f3117aaa73e013c1

SHA512
b535d2a528b57b7d386d091c848998e41085374c2e79701d8279a9bd03357267900e5ada38d71dcd91de2d4b66c57046f46049bdf74047be49c339e6a0191fcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe

Filesize
184KB

MD5
fee0ddf31e18da4963aee4b81f070bd6

SHA1
12646a6978043e958534a02edf60bcadff69da3a

SHA256
a57a59684773c852a3fc6e1d9d2e5126ec90ead15251b643d31d5ad990f22e34

SHA512
cf5f819ed666f2fcf32598519dc8d339f7cc8479968370297b8e0c2ad7e3070a062e99839cd5112547933aae7fe6f20570340c8acc4d3f8c5372086714e1fabe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7472.exe

Filesize
184KB

MD5
93c488f4eb4464e414b85b34a0387f88

SHA1
431e7de148f470f026bde011950134dc4bcdaccc

SHA256
e4b9e7001e495555e940ed2efc80b37ac44c2e6af6a454a636f497be9178d4ce

SHA512
0ea53aa9c33e058f7756e66b04f92fbfd119e586ec5e75b9f6f500302a172cfa45e6a42c8ef203b1352e2225c72dabb1df353e42876767e9a122e56e1b70ddab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe

Filesize
184KB

MD5
9b22e5f20803eb258b0c12fa295916e9

SHA1
3b8215839b458d53c2fe0957f609e34ae2221401

SHA256
94adfad25827db711322b6850c3d2416e102eded22916118b09823d7da8fc389

SHA512
3260b88af30e351d27d377ebbefadb6b6c1553e1ae5deee97272edf7590ffd4d014fada4060d4d44708fcaf4929586b6fa69a2d06b0ae39673a0cb81ff8d0ab6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads