cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe
Size

468KB
MD5

dd67cf75da78ef18bc811b8f8ce9d514
SHA1

07753006b81a6e8f2d2c986ebd534fd04ca71409
SHA256

cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb
SHA512

5ff3de73c314e340b836754192d274d2d365244909509032d1b659fb3e61e1dedfd8b4a951e6e51d52a9f0821135cc4a682b0eb88c4b1b611356dbd68faf4de2
SSDEEP

3072:ITfDogIdP08usbYNWbi/Vf8/Prhjt7pG9dHetVpbSO633GD/oblZ:ITLo35usSWW/VfGF/BSOYWD/o

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
208	Unicorn-32750.exe
1724	Unicorn-22195.exe
2584	Unicorn-2329.exe
2580	Unicorn-41619.exe
4680	Unicorn-48142.exe
4156	Unicorn-44613.exe
2016	Unicorn-58348.exe
724	Unicorn-19313.exe
1184	Unicorn-35457.exe
4388	Unicorn-51601.exe
1268	Unicorn-35457.exe
3108	Unicorn-29326.exe
2632	Unicorn-15591.exe
4820	Unicorn-50952.exe
5016	Unicorn-26774.exe
4368	Unicorn-38545.exe
3572	Unicorn-29478.exe
4300	Unicorn-56033.exe
4304	Unicorn-14870.exe
5008	Unicorn-41233.exe
3736	Unicorn-43102.exe
1644	Unicorn-52032.exe
3052	Unicorn-52032.exe
2020	Unicorn-57185.exe
2184	Unicorn-34334.exe
2592	Unicorn-40465.exe
2512	Unicorn-18190.exe
5052	Unicorn-4455.exe
3928	Unicorn-51383.exe
4456	Unicorn-34705.exe
760	Unicorn-42742.exe
2244	Unicorn-34321.exe
432	Unicorn-23229.exe
1796	Unicorn-37440.exe
1100	Unicorn-54160.exe
3288	Unicorn-39255.exe
3756	Unicorn-15165.exe
2368	Unicorn-5239.exe
2608	Unicorn-36288.exe
1244	Unicorn-51839.exe
1828	Unicorn-7543.exe
224	Unicorn-13615.exe
4832	Unicorn-29376.exe
2072	Unicorn-63480.exe
3600	Unicorn-14279.exe
4852	Unicorn-34145.exe
5056	Unicorn-33496.exe
4224	Unicorn-12463.exe
4200	Unicorn-31296.exe
4292	Unicorn-13598.exe
4452	Unicorn-47824.exe
4092	Unicorn-35800.exe
1672	Unicorn-64352.exe
2224	Unicorn-10798.exe
2220	Unicorn-10599.exe
1732	Unicorn-16199.exe
1648	Unicorn-32064.exe
4804	Unicorn-15535.exe
856	Unicorn-31030.exe
928	Unicorn-17351.exe
2424	Unicorn-17054.exe
5084	Unicorn-64736.exe
1188	Unicorn-1622.exe
2448	Unicorn-13584.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
5864	5584	WerFault.exe	178
6456	4832	WerFault.exe	136
9064	5584	WerFault.exe	178
9048	4832	WerFault.exe	136
15656	14836	WerFault.exe	694
15864	14040	WerFault.exe	657

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51902.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24033.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5744	dwm.exe
Token: SeChangeNotifyPrivilege	5744	dwm.exe
Token: 33	5744	dwm.exe
Token: SeIncBasePriorityPrivilege	5744	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe
208	Unicorn-32750.exe
1724	Unicorn-22195.exe
2584	Unicorn-2329.exe
2580	Unicorn-41619.exe
4156	Unicorn-44613.exe
4680	Unicorn-48142.exe
2016	Unicorn-58348.exe
724	Unicorn-19313.exe
4820	Unicorn-50952.exe
1184	Unicorn-35457.exe
1268	Unicorn-35457.exe
3108	Unicorn-29326.exe
5016	Unicorn-26774.exe
2632	Unicorn-15591.exe
4388	Unicorn-51601.exe
4368	Unicorn-38545.exe
3572	Unicorn-29478.exe
4300	Unicorn-56033.exe
4304	Unicorn-14870.exe
5008	Unicorn-41233.exe
3736	Unicorn-43102.exe
1644	Unicorn-52032.exe
3052	Unicorn-52032.exe
2020	Unicorn-57185.exe
2512	Unicorn-18190.exe
2184	Unicorn-34334.exe
5052	Unicorn-4455.exe
2592	Unicorn-40465.exe
3928	Unicorn-51383.exe
4456	Unicorn-34705.exe
760	Unicorn-42742.exe
2244	Unicorn-34321.exe
432	Unicorn-23229.exe
1796	Unicorn-37440.exe
1100	Unicorn-54160.exe
3288	Unicorn-39255.exe
3756	Unicorn-15165.exe
2608	Unicorn-36288.exe
2368	Unicorn-5239.exe
1244	Unicorn-51839.exe
1828	Unicorn-7543.exe
224	Unicorn-13615.exe
4832	Unicorn-29376.exe
2072	Unicorn-63480.exe
3600	Unicorn-14279.exe
4852	Unicorn-34145.exe
5056	Unicorn-33496.exe
4224	Unicorn-12463.exe
4200	Unicorn-31296.exe
1732	Unicorn-16199.exe
4292	Unicorn-13598.exe
4452	Unicorn-47824.exe
1672	Unicorn-64352.exe
2224	Unicorn-10798.exe
4092	Unicorn-35800.exe
2220	Unicorn-10599.exe
4804	Unicorn-15535.exe
1648	Unicorn-32064.exe
2424	Unicorn-17054.exe
856	Unicorn-31030.exe
928	Unicorn-17351.exe
1188	Unicorn-1622.exe
5084	Unicorn-64736.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 208	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	87
PID 1772 wrote to memory of 208	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	87
PID 1772 wrote to memory of 208	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	87
PID 208 wrote to memory of 1724	208	Unicorn-32750.exe	88
PID 208 wrote to memory of 1724	208	Unicorn-32750.exe	88
PID 208 wrote to memory of 1724	208	Unicorn-32750.exe	88
PID 1772 wrote to memory of 2584	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	89
PID 1772 wrote to memory of 2584	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	89
PID 1772 wrote to memory of 2584	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	89
PID 1724 wrote to memory of 2580	1724	Unicorn-22195.exe	94
PID 1724 wrote to memory of 2580	1724	Unicorn-22195.exe	94
PID 1724 wrote to memory of 2580	1724	Unicorn-22195.exe	94
PID 2584 wrote to memory of 4680	2584	Unicorn-2329.exe	95
PID 2584 wrote to memory of 4680	2584	Unicorn-2329.exe	95
PID 2584 wrote to memory of 4680	2584	Unicorn-2329.exe	95
PID 208 wrote to memory of 4156	208	Unicorn-32750.exe	97
PID 208 wrote to memory of 4156	208	Unicorn-32750.exe	97
PID 208 wrote to memory of 4156	208	Unicorn-32750.exe	97
PID 1772 wrote to memory of 2016	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	96
PID 1772 wrote to memory of 2016	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	96
PID 1772 wrote to memory of 2016	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	96
PID 2580 wrote to memory of 724	2580	Unicorn-41619.exe	99
PID 2580 wrote to memory of 724	2580	Unicorn-41619.exe	99
PID 2580 wrote to memory of 724	2580	Unicorn-41619.exe	99
PID 4680 wrote to memory of 1184	4680	Unicorn-48142.exe	101
PID 4680 wrote to memory of 1184	4680	Unicorn-48142.exe	101
PID 4680 wrote to memory of 1184	4680	Unicorn-48142.exe	101
PID 4156 wrote to memory of 4388	4156	Unicorn-44613.exe	100
PID 4156 wrote to memory of 4388	4156	Unicorn-44613.exe	100
PID 4156 wrote to memory of 4388	4156	Unicorn-44613.exe	100
PID 2016 wrote to memory of 1268	2016	Unicorn-58348.exe	102
PID 2016 wrote to memory of 1268	2016	Unicorn-58348.exe	102
PID 2016 wrote to memory of 1268	2016	Unicorn-58348.exe	102
PID 208 wrote to memory of 3108	208	Unicorn-32750.exe	103
PID 208 wrote to memory of 3108	208	Unicorn-32750.exe	103
PID 208 wrote to memory of 3108	208	Unicorn-32750.exe	103
PID 1724 wrote to memory of 2632	1724	Unicorn-22195.exe	104
PID 1724 wrote to memory of 2632	1724	Unicorn-22195.exe	104
PID 1724 wrote to memory of 2632	1724	Unicorn-22195.exe	104
PID 1772 wrote to memory of 4820	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	106
PID 1772 wrote to memory of 4820	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	106
PID 1772 wrote to memory of 4820	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	106
PID 2584 wrote to memory of 5016	2584	Unicorn-2329.exe	105
PID 2584 wrote to memory of 5016	2584	Unicorn-2329.exe	105
PID 2584 wrote to memory of 5016	2584	Unicorn-2329.exe	105
PID 724 wrote to memory of 4368	724	Unicorn-19313.exe	109
PID 724 wrote to memory of 4368	724	Unicorn-19313.exe	109
PID 724 wrote to memory of 4368	724	Unicorn-19313.exe	109
PID 2580 wrote to memory of 3572	2580	Unicorn-41619.exe	110
PID 2580 wrote to memory of 3572	2580	Unicorn-41619.exe	110
PID 2580 wrote to memory of 3572	2580	Unicorn-41619.exe	110
PID 1268 wrote to memory of 4300	1268	Unicorn-35457.exe	111
PID 1268 wrote to memory of 4300	1268	Unicorn-35457.exe	111
PID 1268 wrote to memory of 4300	1268	Unicorn-35457.exe	111
PID 2016 wrote to memory of 4304	2016	Unicorn-58348.exe	112
PID 2016 wrote to memory of 4304	2016	Unicorn-58348.exe	112
PID 2016 wrote to memory of 4304	2016	Unicorn-58348.exe	112
PID 4820 wrote to memory of 5008	4820	Unicorn-50952.exe	113
PID 4820 wrote to memory of 5008	4820	Unicorn-50952.exe	113
PID 4820 wrote to memory of 5008	4820	Unicorn-50952.exe	113
PID 1772 wrote to memory of 3736	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	114
PID 1772 wrote to memory of 3736	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	114
PID 1772 wrote to memory of 3736	1772	cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe	114
PID 3108 wrote to memory of 1644	3108	Unicorn-29326.exe	115

C:\Users\Admin\AppData\Local\Temp\cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe
"C:\Users\Admin\AppData\Local\Temp\cddaa9c5d2d4f60b7cda516d4b513d0b7ce269bef7796f2903ec8c7d144414fb.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
        10⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
        11⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
        11⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        11⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        10⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        10⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        10⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        9⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        10⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
        10⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        10⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        9⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        9⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
        9⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        9⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        9⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
        9⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
        8⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        8⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        8⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        9⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        9⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        9⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe
        8⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        8⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56254.exe
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        8⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23047.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        7⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
        7⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64736.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        9⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
        10⤵
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58393.exe
        10⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        9⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        9⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61960.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        8⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        7⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23649.exe
        7⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        9⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        9⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
        9⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        8⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
        8⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
        8⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        8⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        7⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28168.exe
        7⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        7⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        7⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        8⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        8⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        8⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        7⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        7⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        6⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        6⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        9⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        9⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        9⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        9⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50871.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16887.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        9⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        8⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        8⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
        7⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        7⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        8⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        8⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
        8⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
        8⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
        8⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        7⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        7⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
        7⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        7⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        7⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        6⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        6⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23229.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61210.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        8⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        8⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        7⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
        7⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        7⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48914.exe
        6⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        7⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34903.exe
        6⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        7⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        7⤵
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        6⤵
        
        PID:14844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
        6⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        6⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        6⤵
        
        PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39910.exe
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        5⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        5⤵
        
        PID:15172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        5⤵
        
        PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13615.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        8⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
        9⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        9⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        8⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        8⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        8⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        8⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        8⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3728.exe
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        8⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        8⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58951.exe
        7⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        7⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
        7⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
        7⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        7⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        6⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        6⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        8⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        8⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        8⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        7⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5939.exe
        7⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        7⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        7⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        7⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6918.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        6⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
        5⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
        8⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
        8⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        7⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        7⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        6⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
        6⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        6⤵
        
        PID:15800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        6⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64399.exe
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        5⤵
        
        PID:16364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        5⤵
        
        PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        7⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        6⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        5⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63559.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        6⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        5⤵
        
        PID:16292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60926.exe
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
        5⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
      4⤵
      PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
      4⤵
      PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
      4⤵
      PID:14908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
      4⤵
      PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        8⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        8⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        8⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        7⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-428.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        7⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        7⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        7⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        7⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        6⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        7⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        7⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        7⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        7⤵
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        6⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
        5⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        5⤵
        
        PID:14452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        7⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        7⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        6⤵
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        7⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
        7⤵
        
        PID:14836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14836 -s 472
        8⤵
        Program crash
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        7⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        6⤵
        
        PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        5⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        6⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
        6⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        5⤵
        
        PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45086.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        6⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5494.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        6⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        6⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        5⤵
        
        PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61895.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
        5⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe
        5⤵
        
        PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
      4⤵
      PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe
      4⤵
      PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
      4⤵
      PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
      4⤵
      PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
      4⤵
      PID:14592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        6⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
        8⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        8⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25021.exe
        7⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        7⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        6⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        6⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        6⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20206.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
        5⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        5⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        6⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        6⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        6⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
        5⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        5⤵
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36935.exe
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        5⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        5⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        5⤵
        
        PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
      4⤵
      PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
      4⤵
      PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
      4⤵
      PID:15268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        6⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        6⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        6⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        5⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
        5⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15466.exe
        5⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        5⤵
        
        PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
      4⤵
      PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
      4⤵
      PID:16624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        6⤵
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
      4⤵
      PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55953.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
      4⤵
      PID:16932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
    3⤵
    PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        5⤵
        
        PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
      4⤵
      PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
      4⤵
      PID:12268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
    3⤵
    PID:7972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
    3⤵
    PID:11084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
    3⤵
    PID:14396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
    3⤵
    PID:6500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        7⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 632
        8⤵
        Program crash
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 632
        8⤵
        Program crash
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 668
        7⤵
        Program crash
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 648
        7⤵
        Program crash
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        8⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        8⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        7⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        6⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        7⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        7⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        9⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23857.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
        8⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
        7⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
        7⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        6⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        7⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        7⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        6⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24801.exe
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        6⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        6⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
        6⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        5⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        5⤵
        
        PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51839.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40528.exe
        5⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        7⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
        7⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        6⤵
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        6⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        6⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        6⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        5⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
        5⤵
        
        PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        6⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        5⤵
        
        PID:16112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
        5⤵
        
        PID:14040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14040 -s 472
        6⤵
        Program crash
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
        5⤵
        
        PID:10900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
      4⤵
      PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
      4⤵
      PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
      4⤵
      PID:12720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28624.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
        8⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        7⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        6⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        6⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2351.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        6⤵
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        6⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        6⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        5⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33514.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
        5⤵
        
        PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        5⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        7⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        6⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19527.exe
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        6⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        6⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        5⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        5⤵
        
        PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34755.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        5⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
        5⤵
        
        PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17031.exe
      4⤵
      PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
      4⤵
      PID:10924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
      4⤵
      PID:14764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
      4⤵
      PID:16120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        5⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        7⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
        6⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
        6⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        5⤵
        
        PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        5⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49218.exe
        5⤵
        
        PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28333.exe
      4⤵
      PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
      4⤵
      PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
      4⤵
      PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
      4⤵
      PID:16588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        6⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25021.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        5⤵
        
        PID:16752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        5⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
      4⤵
      PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
      4⤵
      PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
      4⤵
      PID:15528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
    3⤵
    PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
      4⤵
      PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
      4⤵
      PID:15996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
    3⤵
    PID:716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
      4⤵
      PID:692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
    3⤵
    PID:10904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
    3⤵
    PID:14704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
    3⤵
    PID:8292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37440.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
        6⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36416.exe
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        8⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        8⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        7⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
        7⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22221.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        6⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
        7⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        7⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        6⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        6⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        6⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44759.exe
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        5⤵
        
        PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
        5⤵
        Executes dropped EXE
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
        6⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18496.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        7⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        7⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61641.exe
        7⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        6⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        6⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        6⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        5⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
        5⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
        5⤵
        
        PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7070.exe
      4⤵
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56832.exe
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
        6⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55912.exe
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
        5⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        5⤵
        
        PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
      4⤵
      PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
      4⤵
      PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25152.exe
        5⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        7⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        7⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        7⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41329.exe
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        6⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        6⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        5⤵
        
        PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
      4⤵
      PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-199.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31200.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
        6⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        5⤵
        
        PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13464.exe
        5⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        5⤵
        
        PID:13020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
      4⤵
      PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
        5⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        5⤵
        
        PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
      4⤵
      PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
      4⤵
      PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15165.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        6⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
      4⤵
      PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
      4⤵
      PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
      4⤵
      PID:5612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46608.exe
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22893.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        5⤵
        
        PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
      4⤵
      PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
      4⤵
      PID:16036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
      4⤵
      PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
      4⤵
      PID:6656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
    3⤵
    PID:10088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
    3⤵
    PID:13940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
    3⤵
    PID:16468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21424.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        7⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
        7⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
        7⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe
        7⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        6⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23649.exe
        6⤵
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
        5⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        5⤵
        
        PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
      4⤵
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21424.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        7⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        7⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        5⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
        5⤵
        
        PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10301.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        5⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        5⤵
        
        PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
      4⤵
      PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
      4⤵
      PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
      4⤵
      PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34640.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        6⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        6⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
        5⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        5⤵
        
        PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
      4⤵
      PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        5⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
        5⤵
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54476.exe
        5⤵
        
        PID:14600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
      4⤵
      PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
      4⤵
      PID:8304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        5⤵
        
        PID:16484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
      4⤵
      PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
      4⤵
      PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
      4⤵
      PID:16160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
    3⤵
    PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44191.exe
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
      4⤵
      PID:3492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18958.exe
    3⤵
    PID:10036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
    3⤵
    PID:12632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
    3⤵
    PID:5600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
        6⤵
        
        PID:15416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        5⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23494.exe
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57328.exe
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30887.exe
      4⤵
      PID:13656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
    3⤵
    PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3647.exe
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16074.exe
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        5⤵
        
        PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
      4⤵
      PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
      4⤵
      PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
      4⤵
      PID:16016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
    3⤵
    PID:7416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
    3⤵
    PID:10872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
    3⤵
    PID:14540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
    3⤵
    PID:15740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
    3⤵
    PID:6560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
      4⤵
      PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        5⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
        5⤵
        
        PID:17352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
      4⤵
      PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
      4⤵
      PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
    3⤵
    PID:7200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
    3⤵
    PID:10544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
    3⤵
    PID:12240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
    3⤵
    PID:6512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
    3⤵
    PID:14684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
  2⤵
  PID:1128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
    3⤵
    PID:8012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
    3⤵
    PID:12136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
    3⤵
    PID:15076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
    3⤵
    PID:8224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
  2⤵
  PID:7396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
    3⤵
    PID:9828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
    3⤵
    PID:13288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
    3⤵
    PID:3416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
  2⤵
  PID:10612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
  2⤵
  PID:14288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
  2⤵
  PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5584 -ip 5584
1⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4832 -ip 4832
1⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5584 -ip 5584
1⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4832 -ip 4832
1⤵
PID:8332

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe

Filesize
468KB

MD5
0cac5d85f62bba19c4b2502dd8524756

SHA1
567eef2df3f02c5b728ca32a8d9bf716daa7ae80

SHA256
18d1dfb5b7d5761247c77f016d0f90d9a975a3cc0b4c0e0d7674ae3e9bec21d6

SHA512
38e623f13e67237f715f9f329e5422b56d50fb616e75366ad582f7c5f4d1a6aed3345b0068bcd65d1f7e3b1d331025d49012c729a12003275cef262735ce8bef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe

Filesize
468KB

MD5
9b10ffa71d02931a3d31d5f774ba5ba5

SHA1
841407305b5c92cf061723844d1e440361db316e

SHA256
5fc87501ae092a0be6e131eaad3b925ef58fae616cc87a0b6918fa3216d3f5a6

SHA512
c22ca15524d2460d67b7781011522087e81dbdc68a3c94b7bdf5dfeb53fdb943d960b8a670ea42e002b8b9d0356f24d59d0f5c4c88fadfa0bbd0b31dd4db55d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe

Filesize
468KB

MD5
b87be1cefb94ba3a094e162caa73e249

SHA1
95669fffda8038016a451896798954765c65574f

SHA256
fa54c7be73f14d5e5b1772403cfdc886973d5f04d9174b7a90734cdfabf44f7b

SHA512
b517ec277e31402b50861392b94da36d9d0affff335a315da55a19bd61e554ffeb869b257779cec8cae0df621cfd34afa2f1c458940fcd574969b181f6cd2628

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe

Filesize
468KB

MD5
b21dc9e7ef9538529a77f8ca51549278

SHA1
063ed65cdc0f866880812ae0cd8dce2d71a83ba8

SHA256
c215a495946637af1d7c9566405705e3bb904c6dbb57b5db3d40ca88cafd99e8

SHA512
019babf269daa45e62b5d9dc8b25d35a9ceca1ca041745aa76e7efc40550c40fb4cacb0f4700e7525b297835e5b94a637a08d5492b7b686a54c013ea03d55cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe

Filesize
468KB

MD5
8faca0fba9cb7df97f367ce5713febc7

SHA1
52ebcd1253a0c5177f575742fd2eeb8491302c3a

SHA256
a74c5844bf40d81009f261d97bd0ffe44e8ed2b252453590fea346939b615449

SHA512
5913ba26253814b13f5fe351ec03dee9bfa56ff6db9e56a2c5953cfb24a93b176de72e8c1c643acd7ae5a155afd42d0a0ef6fcc2262e21d1616f0414e181471a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe

Filesize
468KB

MD5
4bad6a313a956ae34949b084bf5e192d

SHA1
ece9969ee8af48d2fb25e62989eb42dc1e00b1ab

SHA256
dab3bf683218c863f8a2f5d71c278f81b1471d11d6f54ea8fbfd9436240627f0

SHA512
fe6064b3650892ab0ee268eae0c34be986687d831ac17c87842416ffb1552c2f492c0b46cf646ee6c359883d09663d81d130380fc8247e4a7e8c43abac7d9f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe

Filesize
468KB

MD5
34a85066cda885562f07598f0cc93170

SHA1
1b24d45482610abb5929da94b98e4c80b721bb49

SHA256
8d732bd318d10b37ce5d9a42c77727c3cc72d041f7a9300a24b9fc8dc28bd702

SHA512
ae035fa921244e9eae0648666a571bf1565f13faeca433ad26c588144b7973c1a01b0033946450f7dfa31a9dc1574c808bb66a482400901b8b9b052ee24a0353

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe

Filesize
468KB

MD5
e993b36aef275601f36ebfc66b3e7018

SHA1
c3dc0bd87d0a3428cbdf86a3fad7649bd6faf9f7

SHA256
e981e5f1b8a17d9a9a59b6d1a24597920ddcdbbd1a72bca61b5b38ad9558e64f

SHA512
14fabcdce54ec83075ede469ea10b0d11b5e0a7e8ac96bbf3a395bd17d0f26beda658ece8ded22d0589f836e3375318143cd129557ddb2304db9549529a3cff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe

Filesize
468KB

MD5
fa763aeb8580a006ca16913745f749d5

SHA1
d9dd96f66a14c287572f53c146bc367ffd72a774

SHA256
d7cd93068d690f0634f1b5620ff7d72c1faab56eccebf79a7dadbd67002814c5

SHA512
03dbc9868e503fe7fc1865540732437d4fe22de558a70cbb2342d76c88f51414381e56c99ca9e0eb9e335d754a8f1477b5551187f8def382258f2fc3b49cd775

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe

Filesize
468KB

MD5
0db58fcc3c999ba079a31d44f38c9fab

SHA1
366788d49253379bcadb9be761397bfea471c41c

SHA256
26ff42eb8584ea8af5e8d0292c3bc57068c54fad40203a270ecd55a2aaae9c3f

SHA512
185cd0789abd1ff7c66d5b22696956039cec3d3ee30667ca03c48352ce52c8182a591524508376db929117b64dd94128e6c906c5ebfe43f509dfb7fa4db02df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe

Filesize
468KB

MD5
aa38b9494bfb97828135b48d77ca7a6f

SHA1
eac15e9614777c4e32bc0c6ee5bf8a73a4d7861c

SHA256
cdd66c5a9689739674f6ae4d1bac98d2607724651dc64e1fd334bcc847ddcf5e

SHA512
7bdfac7930ddec62e0d4d4fc5c540bffd546f8303f6467cfb5e836299ed95c1fd62427b2fdc23410da3422f4917927a182077b59d9fbc7fe5c9c75ff943fb9bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe

Filesize
468KB

MD5
b7b505753682a774af17e465193633c7

SHA1
3dba20717b4b4a8388652ae2365b8074302b56b9

SHA256
81b928dcd4e2d2797c0a1f7be4d6da7b15403f762d5d235fbba62bddf1225a9e

SHA512
82cda33ff21fb0e63ae3e330c8d65ed08a5770a90273d49e273ca4995e64fd528159fa40e2393cc16ccba3d61efe3f6f4bcd338c1505c68061b811769dfae860

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe

Filesize
468KB

MD5
1c1c4ec2d110efce3ade867e53a3fe3c

SHA1
7582f5f9821def744a973b9cf932f437b1b6f76d

SHA256
da1b2e46a19758273286b5bb664565811f66b3dbf56466bb64ef0a1a49f5248a

SHA512
5a3097b7f715cf7c82028998d88d2e62697d8afa8ae39a2f9d378323eb33ffc4adbe3de8f22a9af0612445e6d0f7f03f1e9137fdd6af9584c4abc80320ebe996

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe

Filesize
468KB

MD5
972bd31fe653c4656437397ca87699cb

SHA1
94621a00594fe42d6950d3d24ffddb331c11915c

SHA256
0df47dd0ca4c2283ff1378f24656690a4339a9617cb26bd8e1c4ac6544013e7c

SHA512
474973b85ec57ee2e101200975ee4d05206a2bfdbbc0b2adc88fe35803af20ed9b1e6e10560b1158dbbac560c4c444538a19548eda188c9a3b4c2b744856e114

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe

Filesize
468KB

MD5
cc3804af3b314c9faa573abba4ac0da7

SHA1
e01fc338679cfd538ef1028ecd995322a70e4a7e

SHA256
be021b40c05745560a52693020daefd61ca6eb6ab132d7246a05ba6854bca8f3

SHA512
9ba7b7b44487ee2f481d1a271a60be526763090469af9d834dd1e96c91de0f09525342c7297e151100d6360c10bd60df35f58c0b2641a19ecc404b4f2fa8076b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe

Filesize
468KB

MD5
fbabb834e2d07952a4a51fa91ae2aa66

SHA1
bff45627ca16fc2bca9c1247c7a54ddc2e547a21

SHA256
2797cc27abb87606c65aef451b177d8a5ba15c6f604fbd2d42bd0893d0ad5992

SHA512
d2febd05036e217ef27eab7b676c3b3cb7d0ed915e9f8cbc30503fedacd69f667b5a284116536213fb4a352ad6d523f9c6effd1d73f8c2082e38d2a233e7125b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe

Filesize
468KB

MD5
46c9213862296eeff45d357b369fec76

SHA1
34e18b25e55395fbb07339df4f7406079bbcc3d1

SHA256
a5fdd9a2d4a8f1307f45cfc5c1e2c13511ba7f25a64bd4db011a9c9f971de8db

SHA512
4f8d25bbfe8049768ba9600b8620afcc849a3e799b13f8d5d311084d9397fe7c8fbdc9628d510af924f5e96745d047db0ccaf13a2b39d3cfdb838350eb0dbac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe

Filesize
468KB

MD5
d0b795874a06c42459b23664c2f2152f

SHA1
a94a8c3f903c3dbfca8fd294083c0e88dbbbda6b

SHA256
c704346ce9f1a243c50ab02cd1e9bae60a5c90c1340aeed029840255aec78502

SHA512
0b5dc796c17d8cb3742095d8e7def23264f2acb615895301d1446b040d74d966a965ef75cce6758206ebf4ebda25b17917ef2f0276493a2b94757f0aa63e0cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe

Filesize
468KB

MD5
09c489dbd08bba69314f5ed1f32b1dcc

SHA1
211d361ced35fddbff91686b7f375dfee4b6df74

SHA256
24846bed7c2f8268863ea7a81842e7aa9ebdbb4c0ca583067459cd643a7e25d7

SHA512
7b07c2bad9add4c630afd7f254c58df7b96e7d42142c84cc3dd0db5cb96d501521146f6503568f7e4ecafa373e71bd8729c4cc5bce38460c8983d05bebb9edd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe

Filesize
468KB

MD5
f7125ced465bde32d903da164cd2f2ab

SHA1
9e6e0930a930d316b6ee457761779adf9d56068b

SHA256
686c3d1b345e063ee586b35ca051ebdbe8b5a68f7ae08836f7596e670b5900d0

SHA512
19e90d4cba2bab8deeba640b7281134c0765dcd6355c0cfabc966aeaef6306acc083d86fd4bd0ed325d8a1978df294b3e0c7b5c74a8921eea7a3f25fc3fa31d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe

Filesize
468KB

MD5
643fb8a5c211ad5e3511542109ae9c25

SHA1
70ea43bd4fa305b9c5839117a7a5c064aa88bcc0

SHA256
d4bc128ad480c44f77b47fc2e13848830478bff59e35113ebb0c951382576641

SHA512
af1780941a6be6d3180231afd6b5643ede55afa02ac0bb633ab5a360f2155526f8b1788e6e0fd329f3fb87abfada2c75e4e5c4e401d3905ddfc5814ce3bb53be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe

Filesize
468KB

MD5
353465511edb806d87f5ef9871e3a827

SHA1
f78319a2410eb8a9fe66102d380ba2b36d41ccef

SHA256
dbfae6c9c04b137540dd3f75cb7b5a64a64f5cae1344e279bb5369d467dd15b3

SHA512
84c251504cf19d15fcf0ed1ea973181a02b6e8271528ca07fc567444f003ce3f2c9500f2bdf2da22152c63508275ec969282dcda2144d0f5bffa234d1fc831dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe

Filesize
468KB

MD5
4a2360e97855ddcb74ad15297a669280

SHA1
17e1bda7c9ff81d864fa32e5711a75c83c7ee85a

SHA256
db904e7c97e30e909de71c21fc2b2e4cd84826adfce42e9b871750083d23cf76

SHA512
8a09c3b3532ac028264c72054177566b11a7eed063d55586b086269a10cdedb3d90c21bf185ff171ec31e06787e223676fd6a59465d1e099025f3ff6e5e8da3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe

Filesize
468KB

MD5
8dac4d700b1a48c9a3adad4079f5d2f2

SHA1
d9b94face970b6683a54d30cad6aac048e150315

SHA256
f5974108c90b10142b37c15f5de3e6b19d3c8c796ddd6b5a514dd993554f9ace

SHA512
ce740799b567bb79e604054d0f462eabe24cf15cfa97f28d471ade818b00643e8090c9b09257371e9f67d2b8273493f751bd7e498c24ca5df25e2e7debf40d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe

Filesize
468KB

MD5
ee09a7f2ae76a22fbf6a3375eb9d3123

SHA1
54f9260ffa8d26133adf423c9239f364640e557c

SHA256
f54f02e777200597a1fef33264704dda9f24bbf763c5745bab54261ab8172f17

SHA512
bc0ea789a2b645ccc1681220dc0b7a6f1bf107e543588d5758ff9ef1811d2265cc45414fb5141c2cc150595706c13b0ad4dc9f6337c6fb59e2fcbbd0e575da44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe

Filesize
468KB

MD5
c0ec53d3af8b59b9e62d575e64490d63

SHA1
01d282258393a6edf546756dffe0f41c851552ed

SHA256
46dcde2300833ff0c3106e89ed5e76c4a78f50649784e1f999459d8e5c7605f6

SHA512
2a526968831a621679b685330f8bf39d9bffc96ac5dbb8a295f7e33ae078ebc8c13cf76b67223b4cdc26df51d59bf56811bea19bfbb0b23cbfc530b8c2fe5323

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe

Filesize
468KB

MD5
d315a07c5272aeee0b853b762bb81901

SHA1
560a5fcb0e5d2e9f71475f52f11d51108192105b

SHA256
dee8b3f068eca7d4c1ac8f863e63587ef14f5e808d878e761f34d548b47006d6

SHA512
ccecf0576db3899fab18796ad1286f7ed528852fc0bccc0e4f93c28c4b45d389a7f10f351813bc5a79686d5daad62a97f33b0e94fe42ec3a50fff233640ad2ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe

Filesize
468KB

MD5
9f6237c6876607462f87fb806dfcc5d2

SHA1
61199c1222ff835feca10f446e799bea39885222

SHA256
9b8dde02adcc3a41e3bb11deef4eaa067d7f4a876691698d697cf589cc4c711a

SHA512
4621c4b962d7a2947d68226778d72cc95ff0e71608b63cc890b2ea1d5b0e9a61caf0c1bd1622ee08a57a10d284dbf7feb71ecf1179c96b6a31d972615a275900

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe

Filesize
468KB

MD5
96c84afb697929f4f8210d8ad7cd7e4d

SHA1
e896cb586b8b60d6be1cfdf2568ced0a8cdf6bf1

SHA256
e7fa5163ef97c9e3bbe1e237a4cbf4bdbe06b27b157acb49c472eef2d6437fe1

SHA512
81d23dcc34f74882ead68208c0ac88e318985d8151da8cae1992ed9d917e74404b27198f6bbc35f6c1eadb9a9b7636f2c71cc4d9f4b88d6f5e394c91d81f937c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe

Filesize
468KB

MD5
82e68e553eecba44d61ecb1a6774d4b1

SHA1
c7cc50d76077b8e13d5a186bf6dce9e4a8e41e9a

SHA256
d0c7c66a4abef61d8999b8d73ca362644828356b58d3d2001e8ba111f9a29845

SHA512
833df7689700d7e35e87138aef50905418bbaa5b405821210a9ca359e2265967809a1956359dc385e6804e10c4a62ccceebc84fd6a7765d7efcf308c3d946dda

Download Submit
memory/208-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/224-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/432-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/724-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/760-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/856-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/880-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/928-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1100-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1184-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1188-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1244-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1268-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1488-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1644-154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1648-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1672-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1724-16-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1732-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1772-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1796-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1828-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2020-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2184-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2220-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2224-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2244-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2368-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2424-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2448-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2584-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2608-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2632-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3108-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3288-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3504-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3572-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3580-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3600-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3736-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3736-2670-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3756-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3928-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4092-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4156-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4200-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4224-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4292-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4304-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4388-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4452-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4680-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4804-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4832-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4852-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5016-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5052-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5132-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5172-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5200-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5216-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5352-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5356-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5428-471-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5436-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5548-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5560-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5584-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5604-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5696-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5724-514-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5816-515-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5840-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5892-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5908-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5920-551-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5968-552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6000-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6016-570-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6116-566-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16120-2659-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16376-2658-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads