9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1

Analysis

max time kernel
120s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 03:29 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe
Size

468KB
MD5

c6d40901aa72dbf9f448f52ec2d29b40
SHA1

58bd3ae9dccc4fb2f5714d12000296116b59814f
SHA256

9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1
SHA512

c25a57f945b846b84151c7930ff254bcee16db55e95e7b73c6f53c6d5cee294070a186cb1f024c43b307a9f08f9a93fa11299dc577ecbac72f434721c6d1a1e6
SSDEEP

3072:6JACo3lwI03YtbYgPzcYNfT/rChaxIpQn1HCOVQtNijLrwjNSulK:6J1oROYt7P4YNfx0nJNin0jNS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
888	Unicorn-12472.exe
1624	Unicorn-16233.exe
3744	Unicorn-29039.exe
1812	Unicorn-61593.exe
2460	Unicorn-41727.exe
212	Unicorn-12392.exe
468	Unicorn-38935.exe
3004	Unicorn-15288.exe
2692	Unicorn-41447.exe
2032	Unicorn-47577.exe
348	Unicorn-31241.exe
4688	Unicorn-27327.exe
3720	Unicorn-46928.exe
1400	Unicorn-27327.exe
4432	Unicorn-46093.exe
3212	Unicorn-17993.exe
1328	Unicorn-17993.exe
1560	Unicorn-17343.exe
1604	Unicorn-57442.exe
4464	Unicorn-52393.exe
2240	Unicorn-3192.exe
4656	Unicorn-19529.exe
4996	Unicorn-62791.exe
3584	Unicorn-19721.exe
4484	Unicorn-10790.exe
4872	Unicorn-15807.exe
3972	Unicorn-32143.exe
3144	Unicorn-3384.exe
1908	Unicorn-45879.exe
824	Unicorn-45097.exe
4624	Unicorn-6102.exe
2696	Unicorn-13768.exe
4888	Unicorn-43295.exe
3892	Unicorn-63161.exe
1596	Unicorn-20697.exe
1936	Unicorn-63575.exe
3680	Unicorn-11958.exe
1564	Unicorn-53369.exe
836	Unicorn-33503.exe
2824	Unicorn-20505.exe
3728	Unicorn-51568.exe
452	Unicorn-21657.exe
2916	Unicorn-21657.exe
2656	Unicorn-44623.exe
1192	Unicorn-63959.exe
832	Unicorn-37609.exe
2848	Unicorn-37609.exe
1000	Unicorn-23769.exe
2516	Unicorn-56441.exe
4284	Unicorn-36575.exe
3580	Unicorn-7432.exe
2956	Unicorn-52912.exe
820	Unicorn-52528.exe
2464	Unicorn-40297.exe
3700	Unicorn-39721.exe
3468	Unicorn-23312.exe
64	Unicorn-17446.exe
1252	Unicorn-3711.exe
4760	Unicorn-23312.exe
4360	Unicorn-48473.exe
1360	Unicorn-31945.exe
4336	Unicorn-48400.exe
860	Unicorn-12079.exe
3508	Unicorn-808.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
6404	6076	WerFault.exe	214
17268	14920	WerFault.exe	719
15964	15548	WerFault.exe	760

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21404.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17216	dwm.exe
Token: SeChangeNotifyPrivilege	17216	dwm.exe
Token: 33	17216	dwm.exe
Token: SeIncBasePriorityPrivilege	17216	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe
888	Unicorn-12472.exe
1624	Unicorn-16233.exe
3744	Unicorn-29039.exe
2460	Unicorn-41727.exe
1812	Unicorn-61593.exe
212	Unicorn-12392.exe
468	Unicorn-38935.exe
3004	Unicorn-15288.exe
2692	Unicorn-41447.exe
2032	Unicorn-47577.exe
348	Unicorn-31241.exe
3720	Unicorn-46928.exe
4688	Unicorn-27327.exe
1400	Unicorn-27327.exe
4432	Unicorn-46093.exe
3212	Unicorn-17993.exe
1328	Unicorn-17993.exe
1560	Unicorn-17343.exe
1604	Unicorn-57442.exe
4464	Unicorn-52393.exe
4484	Unicorn-10790.exe
4996	Unicorn-62791.exe
2240	Unicorn-3192.exe
3972	Unicorn-32143.exe
3584	Unicorn-19721.exe
4872	Unicorn-15807.exe
4656	Unicorn-19529.exe
1908	Unicorn-45879.exe
3144	Unicorn-3384.exe
824	Unicorn-45097.exe
4624	Unicorn-6102.exe
2696	Unicorn-13768.exe
3892	Unicorn-63161.exe
4888	Unicorn-43295.exe
1596	Unicorn-20697.exe
3680	Unicorn-11958.exe
1936	Unicorn-63575.exe
1564	Unicorn-53369.exe
836	Unicorn-33503.exe
2824	Unicorn-20505.exe
3728	Unicorn-51568.exe
452	Unicorn-21657.exe
2916	Unicorn-21657.exe
1192	Unicorn-63959.exe
2656	Unicorn-44623.exe
832	Unicorn-37609.exe
1000	Unicorn-23769.exe
2516	Unicorn-56441.exe
4284	Unicorn-36575.exe
3580	Unicorn-7432.exe
2464	Unicorn-40297.exe
2956	Unicorn-52912.exe
820	Unicorn-52528.exe
2848	Unicorn-37609.exe
3700	Unicorn-39721.exe
64	Unicorn-17446.exe
3468	Unicorn-23312.exe
1252	Unicorn-3711.exe
4760	Unicorn-23312.exe
4360	Unicorn-48473.exe
4336	Unicorn-48400.exe
860	Unicorn-12079.exe
3508	Unicorn-808.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 888	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	82
PID 5004 wrote to memory of 888	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	82
PID 5004 wrote to memory of 888	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	82
PID 888 wrote to memory of 1624	888	Unicorn-12472.exe	83
PID 888 wrote to memory of 1624	888	Unicorn-12472.exe	83
PID 888 wrote to memory of 1624	888	Unicorn-12472.exe	83
PID 5004 wrote to memory of 3744	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	84
PID 5004 wrote to memory of 3744	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	84
PID 5004 wrote to memory of 3744	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	84
PID 1624 wrote to memory of 1812	1624	Unicorn-16233.exe	85
PID 1624 wrote to memory of 1812	1624	Unicorn-16233.exe	85
PID 1624 wrote to memory of 1812	1624	Unicorn-16233.exe	85
PID 888 wrote to memory of 2460	888	Unicorn-12472.exe	86
PID 888 wrote to memory of 2460	888	Unicorn-12472.exe	86
PID 888 wrote to memory of 2460	888	Unicorn-12472.exe	86
PID 3744 wrote to memory of 212	3744	Unicorn-29039.exe	87
PID 3744 wrote to memory of 212	3744	Unicorn-29039.exe	87
PID 3744 wrote to memory of 212	3744	Unicorn-29039.exe	87
PID 5004 wrote to memory of 468	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	88
PID 5004 wrote to memory of 468	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	88
PID 5004 wrote to memory of 468	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	88
PID 2460 wrote to memory of 3004	2460	Unicorn-41727.exe	93
PID 2460 wrote to memory of 3004	2460	Unicorn-41727.exe	93
PID 2460 wrote to memory of 3004	2460	Unicorn-41727.exe	93
PID 212 wrote to memory of 2032	212	Unicorn-12392.exe	94
PID 212 wrote to memory of 2032	212	Unicorn-12392.exe	94
PID 212 wrote to memory of 2032	212	Unicorn-12392.exe	94
PID 888 wrote to memory of 2692	888	Unicorn-12472.exe	95
PID 888 wrote to memory of 2692	888	Unicorn-12472.exe	95
PID 888 wrote to memory of 2692	888	Unicorn-12472.exe	95
PID 468 wrote to memory of 348	468	Unicorn-38935.exe	96
PID 468 wrote to memory of 348	468	Unicorn-38935.exe	96
PID 468 wrote to memory of 348	468	Unicorn-38935.exe	96
PID 1624 wrote to memory of 4688	1624	Unicorn-16233.exe	97
PID 1624 wrote to memory of 4688	1624	Unicorn-16233.exe	97
PID 1624 wrote to memory of 4688	1624	Unicorn-16233.exe	97
PID 5004 wrote to memory of 3720	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	98
PID 5004 wrote to memory of 3720	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	98
PID 5004 wrote to memory of 3720	5004	9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe	98
PID 3744 wrote to memory of 1400	3744	Unicorn-29039.exe	99
PID 3744 wrote to memory of 1400	3744	Unicorn-29039.exe	99
PID 3744 wrote to memory of 1400	3744	Unicorn-29039.exe	99
PID 1812 wrote to memory of 4432	1812	Unicorn-61593.exe	101
PID 1812 wrote to memory of 4432	1812	Unicorn-61593.exe	101
PID 1812 wrote to memory of 4432	1812	Unicorn-61593.exe	101
PID 3004 wrote to memory of 3212	3004	Unicorn-15288.exe	102
PID 3004 wrote to memory of 3212	3004	Unicorn-15288.exe	102
PID 3004 wrote to memory of 3212	3004	Unicorn-15288.exe	102
PID 2692 wrote to memory of 1328	2692	Unicorn-41447.exe	103
PID 2692 wrote to memory of 1328	2692	Unicorn-41447.exe	103
PID 2692 wrote to memory of 1328	2692	Unicorn-41447.exe	103
PID 888 wrote to memory of 1560	888	Unicorn-12472.exe	104
PID 888 wrote to memory of 1560	888	Unicorn-12472.exe	104
PID 888 wrote to memory of 1560	888	Unicorn-12472.exe	104
PID 2460 wrote to memory of 1604	2460	Unicorn-41727.exe	105
PID 2460 wrote to memory of 1604	2460	Unicorn-41727.exe	105
PID 2460 wrote to memory of 1604	2460	Unicorn-41727.exe	105
PID 4688 wrote to memory of 4464	4688	Unicorn-27327.exe	106
PID 4688 wrote to memory of 4464	4688	Unicorn-27327.exe	106
PID 4688 wrote to memory of 4464	4688	Unicorn-27327.exe	106
PID 348 wrote to memory of 4656	348	Unicorn-31241.exe	108
PID 348 wrote to memory of 4656	348	Unicorn-31241.exe	108
PID 348 wrote to memory of 4656	348	Unicorn-31241.exe	108
PID 3720 wrote to memory of 2240	3720	Unicorn-46928.exe	107

C:\Users\Admin\AppData\Local\Temp\9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe
"C:\Users\Admin\AppData\Local\Temp\9375ec09a1b828e1b25b51d74b3ae07b20300347afe97725a8a27610876f70a1N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12472.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12472.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46093.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        9⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
        10⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        10⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        10⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27773.exe
        10⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        9⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        9⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        8⤵
        
        PID:16896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        8⤵
        
        PID:18140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        8⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        9⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        8⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        7⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        7⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        7⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        8⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        9⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        9⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
        8⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38061.exe
        8⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
        8⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        8⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6291.exe
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        7⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        8⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        8⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        7⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
        7⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
        7⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61741.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        6⤵
        Executes dropped EXE
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        8⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        9⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        9⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
        9⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        9⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        8⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        8⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        8⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        8⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49156.exe
        7⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        7⤵
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        8⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        9⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        7⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        6⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        6⤵
        
        PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        8⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        8⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        8⤵
        
        PID:18260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        7⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44205.exe
        7⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        6⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        7⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        7⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        6⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        6⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2095.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55462.exe
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        6⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        5⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        5⤵
        
        PID:628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        8⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        9⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        9⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        8⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        8⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        8⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        7⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7676.exe
        7⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        6⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        8⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        9⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        9⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        9⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27773.exe
        9⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        8⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        8⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        8⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
        8⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        7⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        6⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22761.exe
        7⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        8⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        7⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        7⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
        6⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        6⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        7⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        8⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
        8⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        8⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
        7⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        7⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31773.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        7⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        7⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        6⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        7⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        6⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        6⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        5⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63965.exe
        5⤵
        
        PID:14920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14920 -s 464
        6⤵
        Program crash
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28982.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
        8⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        7⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        7⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        7⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40349.exe
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        6⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        6⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
        5⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        7⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        6⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
        5⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        6⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        5⤵
        
        PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35126.exe
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
        5⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        5⤵
        
        PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        5⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe
      4⤵
      PID:15868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
      4⤵
      PID:8132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        9⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        10⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        10⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        9⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        9⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        9⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        9⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        8⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16883.exe
        8⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        7⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 636
        8⤵
        Program crash
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55478.exe
        8⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
        8⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        6⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        8⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59334.exe
        9⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        9⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
        9⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
        6⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        8⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        8⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        7⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        7⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        6⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        6⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9304.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        8⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        7⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        6⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        7⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        6⤵
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        6⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19571.exe
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        6⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        6⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
        8⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        9⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        9⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        8⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        8⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        8⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        8⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39197.exe
        7⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        7⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        7⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        7⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
        6⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
        7⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        7⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
        6⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        5⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        7⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        6⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        6⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64548.exe
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        5⤵
        
        PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        5⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52137.exe
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        8⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        8⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
        7⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57856.exe
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        7⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        7⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        7⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        6⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        7⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60116.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
      4⤵
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        6⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        5⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        5⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        5⤵
        
        PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
      4⤵
      PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
      4⤵
      PID:15712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49625.exe
        6⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        8⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        9⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        10⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56301.exe
        9⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        9⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        8⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        8⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        8⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        7⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
        7⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7551.exe
        7⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26070.exe
        8⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        8⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        8⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
        7⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        7⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        7⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        6⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        6⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56228.exe
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
        5⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18889.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        8⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        7⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        7⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        6⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        6⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
        8⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        7⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        6⤵
        
        PID:16488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        6⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        5⤵
        
        PID:15688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        5⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        8⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        8⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29747.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56228.exe
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        6⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        6⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        6⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        5⤵
        
        PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
      4⤵
      PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        6⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        7⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        6⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        5⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1042.exe
        6⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
        5⤵
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9215.exe
      4⤵
      PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        5⤵
        
        PID:512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
      4⤵
      PID:10560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
      4⤵
      PID:15516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        7⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        7⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        6⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        5⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        6⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        5⤵
        
        PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
      4⤵
      PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        6⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        7⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4604.exe
        7⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        6⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        6⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        5⤵
        
        PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        5⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5893.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        6⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
        5⤵
        
        PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
      4⤵
      PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        5⤵
        
        PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
      4⤵
      PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
      4⤵
      PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
      4⤵
      PID:18096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11958.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
      4⤵
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        6⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
        7⤵
        
        PID:18088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        6⤵
        
        PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        5⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        5⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18173.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33423.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        6⤵
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        5⤵
        
        PID:12800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        5⤵
        
        PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
      4⤵
      PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
      4⤵
      PID:6300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
    3⤵
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        5⤵
        
        PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
      4⤵
      PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        5⤵
        
        PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
      4⤵
      PID:12440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
      4⤵
      PID:15292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
      4⤵
      PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23368.exe
    3⤵
    PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
      4⤵
      PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
        5⤵
        
        PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
      4⤵
      PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
      4⤵
      PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
    3⤵
    PID:9816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
    3⤵
    PID:14636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
    3⤵
    PID:17180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
    3⤵
    PID:6932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        8⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        9⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        9⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        8⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        8⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        8⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        8⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49156.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
        7⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        7⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        8⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        7⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        7⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        7⤵
        
        PID:18428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        6⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        7⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17523.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        6⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4949.exe
        6⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2824.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
        8⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        7⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        6⤵
        
        PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        6⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        6⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
        5⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        5⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10748.exe
        5⤵
        
        PID:17160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        5⤵
        
        PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        8⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        8⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        7⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        7⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        7⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        7⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        6⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
        7⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        6⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        7⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        6⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        5⤵
        
        PID:12616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        5⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24841.exe
        5⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        7⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        6⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        6⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        6⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        7⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        6⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
        5⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
        5⤵
        
        PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40528.exe
      4⤵
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        6⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        5⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        5⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
      4⤵
      PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4604.exe
        5⤵
        
        PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
      4⤵
      PID:10924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
      4⤵
      PID:15416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        6⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        8⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        7⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
        7⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        6⤵
        
        PID:15888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        7⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        7⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        6⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        6⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        6⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13277.exe
        6⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
        8⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        7⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        6⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        5⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        6⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        6⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        5⤵
        
        PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4604.exe
        6⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        5⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        5⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        5⤵
        
        PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
      4⤵
      PID:8880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15573.exe
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49339.exe
      4⤵
      PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
      4⤵
      PID:560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        7⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
        6⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48989.exe
        5⤵
        
        PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
        6⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        5⤵
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
      4⤵
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
        5⤵
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
      4⤵
      PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
      4⤵
      PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
      4⤵
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8451.exe
        5⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56301.exe
        5⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        5⤵
        
        PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
    3⤵
    PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5893.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
      4⤵
      PID:3240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
    3⤵
    PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
      4⤵
      PID:12348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
      4⤵
      PID:5056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
    3⤵
    PID:12560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
    3⤵
    PID:17260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
    3⤵
    PID:7188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        6⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        8⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        8⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        7⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        7⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        7⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        6⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        7⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
        8⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        7⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
        6⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58221.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        6⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        5⤵
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        7⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
        6⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        6⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        6⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        6⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51373.exe
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        5⤵
        
        PID:17360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        5⤵
        
        PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        6⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        6⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        5⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        5⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        5⤵
        
        PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        5⤵
        
        PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
      4⤵
      PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
      4⤵
      PID:6412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        7⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        6⤵
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        5⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
        5⤵
        
        PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
        6⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        7⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        6⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
        5⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
        5⤵
        
        PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55213.exe
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
      4⤵
      PID:15876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:64
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        5⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
      4⤵
      PID:10884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
      4⤵
      PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
      4⤵
      PID:5692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
    3⤵
    PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        5⤵
        
        PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
      4⤵
      PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
      4⤵
      PID:1932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25734.exe
    3⤵
    PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        5⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
        5⤵
        
        PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
      4⤵
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
      4⤵
      PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
    3⤵
    PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
      4⤵
      PID:7072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
    3⤵
    PID:14848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
    3⤵
    PID:7724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3192.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        6⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        7⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        6⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22749.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        5⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        5⤵
        
        PID:15684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        5⤵
        
        PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
      4⤵
      PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
      4⤵
      PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
      4⤵
      PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
      4⤵
      PID:5144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58681.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        6⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        5⤵
        
        PID:15548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15548 -s 436
        6⤵
        Program crash
        
        PID:15964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        5⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
        6⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
        6⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        5⤵
        
        PID:17180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
      4⤵
      PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe
      4⤵
      PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5501.exe
      4⤵
      PID:6868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
    3⤵
    PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        5⤵
        
        PID:15208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
      4⤵
      PID:15444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
    3⤵
    PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
      4⤵
      PID:11628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
      4⤵
      PID:16192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20035.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
    3⤵
    PID:5944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
      4⤵
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
        7⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47866.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        5⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        6⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        5⤵
        
        PID:13828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        5⤵
        
        PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
      4⤵
      PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40541.exe
      4⤵
      PID:14732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
    3⤵
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        5⤵
        
        PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
      4⤵
      PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
      4⤵
      PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
      4⤵
      PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
      4⤵
      PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
    3⤵
    PID:7372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
    3⤵
    PID:12960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
    3⤵
    PID:3472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
    3⤵
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
        5⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe
        6⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
        5⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        5⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        5⤵
        
        PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
      4⤵
      PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
      4⤵
      PID:15048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
      4⤵
      PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
      4⤵
      PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
    3⤵
    PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
      4⤵
      PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
      4⤵
      PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
      4⤵
      PID:1032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
    3⤵
    PID:10968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62461.exe
    3⤵
    PID:15776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
  2⤵
  PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
    3⤵
    PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
      4⤵
      PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        5⤵
        
        PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
      4⤵
      PID:16404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
      4⤵
      PID:6872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
    3⤵
    PID:9800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
    3⤵
    PID:14712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
  2⤵
  PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
    3⤵
    PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
      4⤵
      PID:6276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
    3⤵
    PID:13508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
    3⤵
    PID:6476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
  2⤵
  PID:9244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
  2⤵
  PID:14880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
  2⤵
  PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6076 -ip 6076
1⤵
PID:6856

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17216

Network

DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

23.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

23.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe

Filesize
468KB

MD5
5ef012fe45541829f25e4df926876b03

SHA1
ec67390b7e8d1d1e85461a87781e6e7e1389dd87

SHA256
698b493ed09246c935337dbe1290c1b8c3d40a4b21253142abbc3652c8d07434

SHA512
183b69423c8efc4ad257d640a0a397e637fd838974ef3fd712e3097ef2447f8dbb418c1b84a7477e15ddc8b6a92f03aebc8e6457f727a0c7895ef924e243c002

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe

Filesize
468KB

MD5
ab35aad76f2a020b6248953cf9e1b494

SHA1
8b161ea228ce59808873fd42e802708d1ee71745

SHA256
bac59ce48ea8398c825c4be811ed9bb1a0f6f93b34e39c6071a6735e0feb3844

SHA512
34bb1843db7daccc26ec1d4a8c9def43f64c71f1c91164f2926fb31bc2a82fec8b378fb074ed178c690eded41d2759dd73f29db85dca5f17534dce5304afcb6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12472.exe

Filesize
468KB

MD5
11bb99c5b8129891815db44a71958ec8

SHA1
c8961e115ba36089267cf43867cfe5c60d4eb0b8

SHA256
0a8d1cc9f2b6e36cd614004c5e55b8a5f4d40039d84f5401596d989b55d24802

SHA512
8380c2f9f45418b43711a8d5df0f2a169d11340c86e0cbf58754e28f744da5148eac05d84b20cd9a85fe353ecb60182c974e67256bc842ba79816f3add3ff4a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe

Filesize
468KB

MD5
f69d3d776c3c1ebdf588476ced5349b6

SHA1
b1750167dbf66350d8039fdc008bdb9f3b6ede0f

SHA256
968dcf86494fc98018e4634ca332c5f042d9d4d2cbd662df41e6f66d5e2ac5fa

SHA512
abcac59a3840e041b80d71f2be4f859fbbe29e3a3cd34b565ef8aa8f33d91cadeb245dc92e8ebc87eb86b972cf745b9249f74e7904aa98aac5097822859ea2ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe

Filesize
468KB

MD5
5b93346e243ac1b7da4eaf9e66a3db31

SHA1
76c77ad7987930eb3c9e0ac70e10547bbb2d388c

SHA256
8b59d7a3280a7c42787d8fea0804b8cc6c7434557a546326cfdd5a9e607b6820

SHA512
d0c0d67b794267324549961f20606d048b642136f21d1d8546d9ba559da2d75028d6beece08e142a88339c7fe41b643305c2d5242543b6a464cef2f48f99eec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe

Filesize
468KB

MD5
0fe394f89ed0ca870cf2f5ecece9f2db

SHA1
6751a62d7f380194346b22f247bd70a0f7b06f93

SHA256
3290f69bb68aa31281984a2c69400ede9a9f8f7d0b44bc3a8343213c70bd7667

SHA512
02108c855fa210293b1f54984f8be12b86be7c449f8a9e28af93d457b9337116c444a831acc300465d24cf6a53e469b3fdc111d57a363040a90f504722ccde7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe

Filesize
468KB

MD5
0cdc38084e6c0bec2ee00ca45b3c8b48

SHA1
bec38c40e5f0633e98964577a8d07d9ab560b1b9

SHA256
d1b5a2c1719781094de94f27c8580ac0706a9502261c0e440f821bcabcbb9f21

SHA512
c2b20d0330e0465a8fed15f0dec9e540d1804e9f18f8cb6bf8583990409eff90532075d36b7b4d390152482d00e308ca7f6ed2642cac8089cab037ffc902b21b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe

Filesize
468KB

MD5
591d40ea9b7adb294d2609da93d4f72d

SHA1
4397172588e34316abac99cfba425f79a958ee15

SHA256
36fc0ff06fe9ce4cc94ef064eec3d2725e9e99783d13ee961f94663a337b8299

SHA512
2912c16349f879d84da491c73276604c4893944acd1d359c7b1686759842675af9a2ee3ef6e2345736684e0fc04e17a058eafc2dc7f5e15320585966b2844db2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe

Filesize
468KB

MD5
3360d2103e33ff3c4cb355e4f93daa19

SHA1
204ddc837148a40de08237b1f06597ce74660ea6

SHA256
dda5efb16487bbb98887590af0a36631bf550354279e2998970aa406f515db81

SHA512
5e9351345517a14cf6b42fa39eb79262ddaedbffe46bfd0f0f0a5590e8d91a471122722ccd470536324a8342df421d011cbd8546cbd73bf53129703287008966

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe

Filesize
468KB

MD5
aa8d2c85e1daf466dbbdad86456442e2

SHA1
56042c566aa0a2ea2bc9fa0dfbf2856a366a0532

SHA256
2953b7c2f80ece44e8499deb79e4da241ba1aab3027e9664b1a46ea3c8c9ce8b

SHA512
f9d0ae67653ce9189af475a8788c81732ee6510e180feae18e7976175c02c972cf62397e2d082589992d4c9790a311027ba41cd9cf168bbfdf69cacbe894f544

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe

Filesize
468KB

MD5
e3b7812e0fd271a836a6210ee99cab6a

SHA1
89519eabf113e17aaea3326e6edab01c10205be7

SHA256
d4708f84638d125bad8713040c607525c1e13d4a475d970ce8c459a97d90f8da

SHA512
8423d75d82c06a647242451341af2a9884b45b0ff27d68955bf57668c466abb01d5cc900c44bc837445e3c7f942b118ac5368bc8af1477feeb764546b367fca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe

Filesize
468KB

MD5
902d1646f7005a08f1ae5debb8f7903c

SHA1
3cf838d98d40cfa38867f4e5c64c25df65ab9fd0

SHA256
5264d9fdac07c5c8137e6daa5be90a4fc0ae2e964b192d1b23187a31b6070201

SHA512
e06817486fa4e68986ed446f79af59ff34b2cb9190e861f37b45c3f8286ea72cb43f49ac6c3897be4c2744a6dc9c2785d26a0d975db156a3b35b2053e6e2a52f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe

Filesize
468KB

MD5
b5a5db4c005bdeecce9e426baca1e15b

SHA1
dc2bf2e1559c0aa734df6f27932fb26c974e4ecd

SHA256
cf662c437d18e344d4aaaee82763fb0780b4d9dc97650bc260efcb92984b64e6

SHA512
27624005a9f8ad9f720592c48b8356a49654871a5561ee38bd0645daade132d77f1ee3c567d1e51e19840366f81d2d9e5c4ce3e5a4943a1d6d20715b364e17d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe

Filesize
468KB

MD5
3dbeb6bf4f6a055a69b7d524dccc2a1d

SHA1
a77e5f81f9cc383ac44b9c74ee1ff2e117ecc9c8

SHA256
359e29e110213f3b7ce2e5c4cc23cac579d31c10337b9326a06dcaeaeb7a7f8f

SHA512
76bc292354dade6cc223c02750a344f8cf0ae9ccfc076bc23e5d523b6353ed4b609e6558950030bed07b524a47b825949e82b7f4e78bf922dfcf4dcd31bd5b8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3192.exe

Filesize
468KB

MD5
486dddd98ede0afc0c2826bf86ac016c

SHA1
1439f3af85b900d3b2c3eabbe7073a45d4dbdef7

SHA256
e18a4372e8749fdc4eae0b0d640470594b20a34609a096fe14aff39ad3c2e947

SHA512
c08bbc160106f4a1ac52deda80b6933491fc3ed34b5f5baa1f2ab8dba39829365b67f7160f55669a245ac33504d16f734cf2745b331dcff34b698724312f6687

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe

Filesize
468KB

MD5
59ffc8043de42988b116333ba3adac6e

SHA1
e662cf215eccfda603d7ac694a5889552d2e0cbe

SHA256
e068105d8aa12066ec4fe5b911d59d7e9920c58cc30e96e5f19e588b56f696ce

SHA512
944d341058e08055e9f6f872889c9737269198b61ba38a40f6e54ff437ef7c0a8beeb14423d2f0c43bcc2b7f63cff12d12eeddbdfe78dc953460d455706684ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe

Filesize
468KB

MD5
7f1f20790025b5e2c0db7279a1c6347d

SHA1
82ed6a6b4e25e06eee8e5e87708cb571976c3f67

SHA256
9ec4cfee987da81a24f1da636c73d044555a8081a50d5d3341843cc4a7ad0f26

SHA512
776a0a6e2d23c0bbc93a1d588db3c267f9de69f33280464c3e5945696511f1c1cbd7872d1adb7aa2ea954e4bb4d7bb66052d9ee73cfb0f9be472a661c7901bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe

Filesize
468KB

MD5
e73ac33600bc9bded1182223c081d664

SHA1
b0d13c173b7caf89778ec2b7da752c16c60ec74a

SHA256
1604ec1d97d29527049d64b01ee9ed140f7626ebeb3acd7e502557f39763052f

SHA512
7db136d6194ede33f3932eb7f77cde114b5539b04aa49050922733e8e03db52fb7e46d0087da110680cb43df5f8b028ee041b9a7022057b89345a5441025a01e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe

Filesize
468KB

MD5
ecf288f34f33bdba30a7e8a7eb082593

SHA1
c752053d13194d736232dae1b7983cd4320520bd

SHA256
d83edb16602c706ae66ad7185a4c0f3f21cdf16711fcc4555e79efebaf3d9550

SHA512
06912729e19cf24eca576df02b7fa61ae29cc07e9860007c0da56600e610dc7451b0be95b576e4e223a5dba8c3947a3e93e6b82ecbbdbe5308feb1da1efc69e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe

Filesize
468KB

MD5
2810f7060177abb47eb7e9760d48fc0c

SHA1
e4504d877b2eb81b061cb90fa2f775953c1a119a

SHA256
757e7e88b7d37911afba0dc6e804bfbb2f0f2429b407ead590cd50ec37ea3b11

SHA512
fb07e8dc171348327f510fcdd15777a2bd2dcfaa77e7c9458cbbbed297688c7f81703eba6d023764048c3f6feba6aaa3910ec85015410746612dbba6052db179

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe

Filesize
468KB

MD5
1eebfc30c4dc66bfab285647ca696264

SHA1
69d6a991a6145e71f64a173cd6813c7adf510308

SHA256
5b9729cc78ae019e48b7284852cf9fcf8d7199393de3f53a3177567462768f63

SHA512
631ee737b0e1adfe7d0c0b3ba4a2c782406ab1b33e33c56e3ee318738ad8601e6f593b9bbf19cdf5fe6ac1197f2292048005de91503f1478a2db264b42ca7a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe

Filesize
468KB

MD5
804b66ad68fb69f9164d8d49057f0b7b

SHA1
f797f00dc23a11ca4363afcdfb3861bcc1309c8c

SHA256
a138fa22ced49cee50f5560a94b8c2989914986bcca3a13c007840b8dfb04121

SHA512
61b484b10f9be0a57d2568440ca0c1d6eaef5ae97a399b18b89c83677c2a6779987134ade62f5bfd8dac4c9906898542c8e124414b1333577292c24bc62fa038

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe

Filesize
468KB

MD5
2e385bad662edeee784fb8a2619a7414

SHA1
b42d7059b3ed53ed2b3b5dd93a44ba9399f251eb

SHA256
cb70d5660d54616058954727df7a14306de943a24b215a3c0a8be850d63aad79

SHA512
d3b84d4d3026f816585d5db3358e7050b83ddba077f3bdfef1e4baafc1a9ece4ba0d3459d1adf13898833e89e4d29e6c45b6573fffd58e43286e1bf081759f96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46093.exe

Filesize
468KB

MD5
1e07354b4e8b95439cb6d49bbbac0c5b

SHA1
546c34e1bd21eb00a3e29836cb3b07ef1ae52c00

SHA256
b669a4c89f6bc11ea3dcafbca1b31558a36bd19682c0a1de7d4311a455349b9f

SHA512
48d0a77ec1f0a8840b503e4219e9b0675601c120ee99127fbe3968a2e4052e0b183e807ce487d3f133313fddbc42a5edc6e1c789970dec40f3152dff6d3f2951

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe

Filesize
468KB

MD5
b766cbae3929bf85e82f05257cc31939

SHA1
7ba849a520ae1c6b2a5424802728a03d72cf5536

SHA256
0abdc9ae327f33a879da482ca1d18ae4e30fa181a104c02e1024ca7806fafa1b

SHA512
8d1f9ae7f3fd3fea54980d10e65c3af4ecd05b7bb23f482b771a17661c7b46b88265d87bd74918007fa877ad1ba8a9974cc9c98d63db138d97c08c222850e33f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe

Filesize
468KB

MD5
f90b37ed3b50626465824f24bfa0930f

SHA1
342b4bce14fe89a7a9ce784e8aee021df3d7c846

SHA256
25aa8647245d93566b4cb0edd9922da5b4d2ee795a96ebd6ae31f08cafea53ef

SHA512
70237b032aedeab7f5c4df473681b8e5e33f921a4b2f06730b51ddd71c43fad929b8bbca04aad57ec4686c4b2e72ec5de24ca276e2dd04d1f358d639f7dc2266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe

Filesize
468KB

MD5
abc2b0d63e0431679412c38f8b71bff1

SHA1
6356afd2566cbc234a69a8ec6947d33e2dad3ceb

SHA256
4f366f35749eff79d4819c2cae55b3951536461af73371fabb6b38d71b0b37d4

SHA512
9662586098894affc71a859bb57e098611b8dfaf5815f50b9733c6d6ff597293d503c3e1fad83f1cbd3b3368954bd4e17d480df6e019a44ece92dfaa39bc573e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe

Filesize
468KB

MD5
723b0c01585dfcb320420218fff1fd9b

SHA1
2d8cc3d9b572400652459298812258e578bb3683

SHA256
a203134df6161f22d869f0df80daac41caf1c8792e9d6edd29a8b58fae3bd6c2

SHA512
5b16fe48ff89d92c20957b88bd0fb30b0035286987f841c767e280bb9dff93f259ccf649fea54e8a0d9a16c0817dff03e4ca09001509388ea4c3759c78aa94ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe

Filesize
468KB

MD5
7e4ed0c65d603f6caa8cee1e5f1782bf

SHA1
181cfac61c7c9ebb28e4ea336f24ce2884f314b3

SHA256
941750fed64b3d35e64ccc2fd618b67384d9cd516f571ff25f7f9f6c0da7a6ad

SHA512
b008825fbdcdbcbeddda42ef5546d0b05b516d64f56d7bd8e67b8680b458e534660d3cc160aeb3148cf258024e660c5663182242ae4951c8b7bf9adbe2974e78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe

Filesize
468KB

MD5
770a41414cca3cd817c3ad0a03e76787

SHA1
8acd06b362b1adc3be115caf928b8924f18bbe77

SHA256
1f5da4df163f56c4b301e8c5cdd592220c3d5cdba3ac70ffb39790819ce119e3

SHA512
7b00b872ce39d25fb572f3ede2df4b5732e691b0149710c3bd0938f8e611314d7554eb12530aad9c6fd0a21ddd872b765220d9e858742f87837b76ee772b3092

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe

Filesize
468KB

MD5
8198aaa3a00fd4ccca5ee6512f1a2de7

SHA1
8de8e9d3126d745e2d5ae02ed3c14fdea89afbac

SHA256
7d66cc102a0635da3a8aa6010ecb392e1568e1c24382111bd105686822a0ffa7

SHA512
f13fe0f4eaa687f257a715345c4e473d64da9e005e4a505758fabff16078f9b1a7de559bc24bfa67e524e435ef423ae140d61f77c8634d56420f3769cec4a9bb

Download Submit
memory/15744-2577-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16016-2376-0x0000000075460000-0x00000000754D5000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.