f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa

Analysis

max time kernel
150s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe
Size

468KB
MD5

7d66de2c5a6b1739dca5b41ca95790fc
SHA1

fdd97ce1ee926babc2413bd8d99512fa9747396c
SHA256

f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa
SHA512

eb72949621609a8338227e9c292891b3b5485c11bbe8a4c757dc5975a61e396958b416a6e4ef7a78b2d46a2a70d86040352f20e13616c3cd99a4cd95149ac790
SSDEEP

3072:tho5owLsj38U6bYCfz5sff5EChj+IpBnmHdKV4+ilBC40KNmylK:thKoBsU6hf1sffU0EGilcNKNm

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3664	Unicorn-32489.exe
1716	Unicorn-45592.exe
1528	Unicorn-65457.exe
3360	Unicorn-27601.exe
4104	Unicorn-65104.exe
1728	Unicorn-3096.exe
3336	Unicorn-4942.exe
2496	Unicorn-35489.exe
4476	Unicorn-18961.exe
2772	Unicorn-35297.exe
1652	Unicorn-35297.exe
2268	Unicorn-15431.exe
3228	Unicorn-29166.exe
4436	Unicorn-26864.exe
4844	Unicorn-65208.exe
4260	Unicorn-28001.exe
3000	Unicorn-26967.exe
400	Unicorn-54425.exe
4584	Unicorn-5032.exe
456	Unicorn-50704.exe
4880	Unicorn-5032.exe
3204	Unicorn-37705.exe
3472	Unicorn-9182.exe
2260	Unicorn-54233.exe
224	Unicorn-60984.exe
4420	Unicorn-15312.exe
4996	Unicorn-64248.exe
3172	Unicorn-41855.exe
1564	Unicorn-11783.exe
1784	Unicorn-39055.exe
4680	Unicorn-55201.exe
2020	Unicorn-18807.exe
4784	Unicorn-63561.exe
3248	Unicorn-23798.exe
212	Unicorn-62793.exe
2476	Unicorn-12367.exe
1892	Unicorn-12367.exe
3740	Unicorn-48185.exe
756	Unicorn-13903.exe
2276	Unicorn-17817.exe
848	Unicorn-33961.exe
3236	Unicorn-16862.exe
464	Unicorn-1096.exe
3880	Unicorn-41169.exe
4180	Unicorn-40207.exe
1372	Unicorn-65408.exe
1804	Unicorn-136.exe
3404	Unicorn-136.exe
1072	Unicorn-26678.exe
3036	Unicorn-24641.exe
1676	Unicorn-65481.exe
1540	Unicorn-37447.exe
1168	Unicorn-27254.exe
2700	Unicorn-33385.exe
4360	Unicorn-46192.exe
4672	Unicorn-520.exe
3520	Unicorn-62720.exe
3088	Unicorn-10918.exe
4060	Unicorn-32928.exe
4496	Unicorn-33193.exe
4964	Unicorn-54168.exe
2316	Unicorn-40135.exe
2444	Unicorn-42705.exe
3792	Unicorn-42705.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
5792	5584	WerFault.exe	185
7044	6128	WerFault.exe	221
11572	6208	WerFault.exe	232
14852	13640	WerFault.exe	656
4320	7112	WerFault.exe	334
12664	2892	WerFault.exe	779

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17687.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2364	dwm.exe
Token: SeChangeNotifyPrivilege	2364	dwm.exe
Token: 33	2364	dwm.exe
Token: SeIncBasePriorityPrivilege	2364	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe
3664	Unicorn-32489.exe
1528	Unicorn-65457.exe
1716	Unicorn-45592.exe
4104	Unicorn-65104.exe
3360	Unicorn-27601.exe
3336	Unicorn-4942.exe
1728	Unicorn-3096.exe
2496	Unicorn-35489.exe
2772	Unicorn-35297.exe
4476	Unicorn-18961.exe
2268	Unicorn-15431.exe
4844	Unicorn-65208.exe
1652	Unicorn-35297.exe
4436	Unicorn-26864.exe
3228	Unicorn-29166.exe
4260	Unicorn-28001.exe
3000	Unicorn-26967.exe
400	Unicorn-54425.exe
4584	Unicorn-5032.exe
224	Unicorn-60984.exe
4880	Unicorn-5032.exe
456	Unicorn-50704.exe
1564	Unicorn-11783.exe
4996	Unicorn-64248.exe
4420	Unicorn-15312.exe
3172	Unicorn-41855.exe
3204	Unicorn-37705.exe
2260	Unicorn-54233.exe
3472	Unicorn-9182.exe
1784	Unicorn-39055.exe
4680	Unicorn-55201.exe
2020	Unicorn-18807.exe
4784	Unicorn-63561.exe
3248	Unicorn-23798.exe
212	Unicorn-62793.exe
2476	Unicorn-12367.exe
1892	Unicorn-12367.exe
3740	Unicorn-48185.exe
756	Unicorn-13903.exe
2276	Unicorn-17817.exe
3236	Unicorn-16862.exe
464	Unicorn-1096.exe
848	Unicorn-33961.exe
3880	Unicorn-41169.exe
3404	Unicorn-136.exe
4180	Unicorn-40207.exe
1372	Unicorn-65408.exe
1676	Unicorn-65481.exe
1804	Unicorn-136.exe
3036	Unicorn-24641.exe
1540	Unicorn-37447.exe
4672	Unicorn-520.exe
4360	Unicorn-46192.exe
1168	Unicorn-27254.exe
1072	Unicorn-26678.exe
3520	Unicorn-62720.exe
4496	Unicorn-33193.exe
3088	Unicorn-10918.exe
2700	Unicorn-33385.exe
4060	Unicorn-32928.exe
4964	Unicorn-54168.exe
2444	Unicorn-42705.exe
4176	Unicorn-42824.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 3664	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	91
PID 5096 wrote to memory of 3664	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	91
PID 5096 wrote to memory of 3664	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	91
PID 5096 wrote to memory of 1716	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	93
PID 5096 wrote to memory of 1716	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	93
PID 5096 wrote to memory of 1716	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	93
PID 3664 wrote to memory of 1528	3664	Unicorn-32489.exe	94
PID 3664 wrote to memory of 1528	3664	Unicorn-32489.exe	94
PID 3664 wrote to memory of 1528	3664	Unicorn-32489.exe	94
PID 1528 wrote to memory of 3360	1528	Unicorn-65457.exe	97
PID 1528 wrote to memory of 3360	1528	Unicorn-65457.exe	97
PID 1528 wrote to memory of 3360	1528	Unicorn-65457.exe	97
PID 3664 wrote to memory of 4104	3664	Unicorn-32489.exe	98
PID 3664 wrote to memory of 4104	3664	Unicorn-32489.exe	98
PID 3664 wrote to memory of 4104	3664	Unicorn-32489.exe	98
PID 1716 wrote to memory of 1728	1716	Unicorn-45592.exe	99
PID 1716 wrote to memory of 1728	1716	Unicorn-45592.exe	99
PID 1716 wrote to memory of 1728	1716	Unicorn-45592.exe	99
PID 5096 wrote to memory of 3336	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	100
PID 5096 wrote to memory of 3336	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	100
PID 5096 wrote to memory of 3336	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	100
PID 4104 wrote to memory of 2496	4104	Unicorn-65104.exe	101
PID 4104 wrote to memory of 2496	4104	Unicorn-65104.exe	101
PID 4104 wrote to memory of 2496	4104	Unicorn-65104.exe	101
PID 3360 wrote to memory of 4476	3360	Unicorn-27601.exe	102
PID 3360 wrote to memory of 4476	3360	Unicorn-27601.exe	102
PID 3360 wrote to memory of 4476	3360	Unicorn-27601.exe	102
PID 1728 wrote to memory of 2772	1728	Unicorn-3096.exe	103
PID 1728 wrote to memory of 2772	1728	Unicorn-3096.exe	103
PID 1728 wrote to memory of 2772	1728	Unicorn-3096.exe	103
PID 3336 wrote to memory of 1652	3336	Unicorn-4942.exe	104
PID 3336 wrote to memory of 1652	3336	Unicorn-4942.exe	104
PID 3336 wrote to memory of 1652	3336	Unicorn-4942.exe	104
PID 1528 wrote to memory of 2268	1528	Unicorn-65457.exe	105
PID 1528 wrote to memory of 2268	1528	Unicorn-65457.exe	105
PID 1528 wrote to memory of 2268	1528	Unicorn-65457.exe	105
PID 3664 wrote to memory of 3228	3664	Unicorn-32489.exe	106
PID 3664 wrote to memory of 3228	3664	Unicorn-32489.exe	106
PID 3664 wrote to memory of 3228	3664	Unicorn-32489.exe	106
PID 5096 wrote to memory of 4436	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	107
PID 5096 wrote to memory of 4436	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	107
PID 5096 wrote to memory of 4436	5096	f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe	107
PID 1716 wrote to memory of 4844	1716	Unicorn-45592.exe	108
PID 1716 wrote to memory of 4844	1716	Unicorn-45592.exe	108
PID 1716 wrote to memory of 4844	1716	Unicorn-45592.exe	108
PID 2496 wrote to memory of 4260	2496	Unicorn-35489.exe	109
PID 2496 wrote to memory of 4260	2496	Unicorn-35489.exe	109
PID 2496 wrote to memory of 4260	2496	Unicorn-35489.exe	109
PID 4104 wrote to memory of 3000	4104	Unicorn-65104.exe	110
PID 4104 wrote to memory of 3000	4104	Unicorn-65104.exe	110
PID 4104 wrote to memory of 3000	4104	Unicorn-65104.exe	110
PID 4476 wrote to memory of 400	4476	Unicorn-18961.exe	111
PID 4476 wrote to memory of 400	4476	Unicorn-18961.exe	111
PID 4476 wrote to memory of 400	4476	Unicorn-18961.exe	111
PID 2772 wrote to memory of 4584	2772	Unicorn-35297.exe	112
PID 2772 wrote to memory of 4584	2772	Unicorn-35297.exe	112
PID 2772 wrote to memory of 4584	2772	Unicorn-35297.exe	112
PID 2268 wrote to memory of 4880	2268	Unicorn-15431.exe	114
PID 2268 wrote to memory of 4880	2268	Unicorn-15431.exe	114
PID 2268 wrote to memory of 4880	2268	Unicorn-15431.exe	114
PID 3360 wrote to memory of 456	3360	Unicorn-27601.exe	113
PID 3360 wrote to memory of 456	3360	Unicorn-27601.exe	113
PID 3360 wrote to memory of 456	3360	Unicorn-27601.exe	113
PID 3228 wrote to memory of 2260	3228	Unicorn-29166.exe	115

C:\Users\Admin\AppData\Local\Temp\f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe
"C:\Users\Admin\AppData\Local\Temp\f04ad92ca6880739a2077a520d8abaf653977427b6c0bc48e2cc84588a7f64aa.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
        10⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        11⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        11⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        11⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        10⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        9⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        10⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        10⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        10⤵
        
        PID:17948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
        10⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        9⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
        9⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        9⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        10⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        9⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11142.exe
        8⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        9⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        8⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
        7⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        9⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
        9⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        8⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
        8⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        7⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9487.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        9⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        10⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        10⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
        9⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        9⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        8⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        8⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        8⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        8⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        8⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        8⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe
        7⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61703.exe
        7⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        7⤵
        
        PID:17308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        6⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        8⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        9⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        9⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        8⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        8⤵
        
        PID:17448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
        7⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe
        7⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        6⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63287.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34081.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-848.exe
        10⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        10⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        10⤵
        
        PID:18280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
        9⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9822.exe
        8⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        8⤵
        
        PID:17648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20449.exe
        8⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        8⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        8⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
        7⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        7⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        8⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        8⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11846.exe
        7⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
        7⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32265.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
        7⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        7⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36608.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42841.exe
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        8⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        8⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41649.exe
        7⤵
        
        PID:17968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        7⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        6⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
        6⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 540
        7⤵
        Program crash
        
        PID:4320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 652
        6⤵
        Program crash
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        5⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
        5⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        8⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        9⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        10⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
        11⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        11⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        10⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
        9⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        9⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        8⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
        8⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        8⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
        8⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        8⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        8⤵
        
        PID:17416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        7⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        8⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        7⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        6⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        6⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
        6⤵
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        7⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        7⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        6⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58936.exe
        6⤵
        
        PID:14444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        6⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        6⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
        5⤵
        
        PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
        9⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
        9⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        8⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50969.exe
        8⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58881.exe
        8⤵
        
        PID:17512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        7⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        7⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        7⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        7⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        6⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        7⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
        6⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1648.exe
        5⤵
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57345.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
        8⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
        8⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        7⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        6⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        5⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        5⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        5⤵
        
        PID:18004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
        6⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        7⤵
        
        PID:16804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        7⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
        5⤵
        
        PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
      4⤵
      PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        5⤵
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38577.exe
      4⤵
      PID:10700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
      4⤵
      PID:16064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55201.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42705.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
        9⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        10⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
        9⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
        9⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14639.exe
        9⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        9⤵
        
        PID:17680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        8⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57065.exe
        9⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
        9⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        8⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        8⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        8⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        8⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        6⤵
        Executes dropped EXE
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        8⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        8⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        8⤵
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
        7⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        8⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        7⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        7⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42705.exe
        6⤵
        Executes dropped EXE
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        9⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        9⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        9⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        8⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        8⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        8⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        8⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        7⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        7⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
        6⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        8⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        8⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        8⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        7⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        6⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        6⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38497.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43608.exe
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        5⤵
        
        PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        6⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        9⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        8⤵
        
        PID:17896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
        7⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        8⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        8⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        8⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        7⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13640 -s 464
        7⤵
        Program crash
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        5⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe
        8⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        8⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        7⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        6⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        6⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        6⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        5⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        8⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        8⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
        8⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        7⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        7⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        6⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        7⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
        7⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14998.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56753.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        5⤵
        
        PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        6⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        8⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        7⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        6⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
        5⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
        6⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        6⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
        5⤵
        
        PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        5⤵
        
        PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
        5⤵
        
        PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
      4⤵
      PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
      4⤵
      PID:6124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        6⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 220
        7⤵
        Program crash
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        8⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61206.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        7⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
        6⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57640.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        6⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-88.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-88.exe
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        7⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34519.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
        5⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        6⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4999.exe
        5⤵
        
        PID:16596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        6⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        7⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
        6⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
        5⤵
        
        PID:17568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
        5⤵
        
        PID:736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
      4⤵
      PID:9340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe
      4⤵
      PID:15768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        7⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        7⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        5⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
        5⤵
        
        PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        6⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
        7⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
        7⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        6⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        6⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31231.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
        5⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        5⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        5⤵
        
        PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        5⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        5⤵
        
        PID:17644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
      4⤵
      PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
      4⤵
      PID:7220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        6⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        6⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        5⤵
        
        PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17951.exe
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
        5⤵
        
        PID:17544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
      4⤵
      PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
        5⤵
        
        PID:11728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1743.exe
      4⤵
      PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
    3⤵
    PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        5⤵
        
        PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
      4⤵
      PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        5⤵
        
        PID:15420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
      4⤵
      PID:16824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
    3⤵
    PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
      4⤵
      PID:16208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21166.exe
    3⤵
    PID:8416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
    3⤵
    PID:12524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
    3⤵
    PID:16628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        7⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        9⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
        10⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        10⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        9⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        9⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        9⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        8⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55641.exe
        9⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        9⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        8⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        8⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        8⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
        7⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
        7⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        6⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        8⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        8⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
        8⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45256.exe
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
        8⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
        8⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        7⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        7⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        7⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        6⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        8⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11320.exe
        9⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        9⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
        9⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        8⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        7⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
        8⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        8⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
        7⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
        7⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32368.exe
        6⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        7⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        6⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        8⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        8⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        8⤵
        
        PID:17780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52960.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        7⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        6⤵
        
        PID:17900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24278.exe
        6⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        5⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
        5⤵
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        6⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        8⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        8⤵
        
        PID:17912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        8⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        7⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        6⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        7⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        7⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16942.exe
        6⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        6⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3504.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
        8⤵
        
        PID:16580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        7⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
        7⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        6⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        6⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        5⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        5⤵
        
        PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27366.exe
      4⤵
      PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
      4⤵
      PID:16308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        5⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        6⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        7⤵
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18409.exe
        6⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        6⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        5⤵
        
        PID:16484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35143.exe
      4⤵
      PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32265.exe
        6⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
        7⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
        6⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        6⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        5⤵
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
      4⤵
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        5⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        5⤵
        
        PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
      4⤵
      PID:10256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
      4⤵
      PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
      4⤵
      PID:16680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39473.exe
        7⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        7⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        7⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
        6⤵
        
        PID:17856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        6⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9783.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        6⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        5⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        6⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        6⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        5⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        5⤵
        
        PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        5⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        5⤵
        
        PID:15668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
      4⤵
      PID:11068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      4⤵
      PID:15852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        6⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        5⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        5⤵
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26080.exe
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        5⤵
        
        PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
      4⤵
      PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
      4⤵
      PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
      4⤵
      PID:16456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
    3⤵
    PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
      4⤵
      PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        5⤵
        
        PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
      4⤵
      PID:16184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
    3⤵
    PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
      4⤵
      PID:15612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
    3⤵
    PID:11552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
    3⤵
    PID:16072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33385.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
        6⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        6⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        7⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        7⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        6⤵
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
        5⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exe
        5⤵
        
        PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        7⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        6⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49768.exe
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        5⤵
        
        PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
        5⤵
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        5⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39649.exe
        5⤵
        
        PID:10500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
      4⤵
      PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52233.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        8⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18333.exe
        7⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        6⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
        6⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        5⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
        5⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20833.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        6⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        5⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        5⤵
        
        PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51775.exe
      4⤵
      PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7520.exe
        5⤵
        
        PID:15388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
      4⤵
      PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
      4⤵
      PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
      4⤵
      PID:16164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
        6⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        6⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        5⤵
        
        PID:17880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
      4⤵
      PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        5⤵
        
        PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        5⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        5⤵
        
        PID:440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
      4⤵
      PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      4⤵
      PID:15880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
    3⤵
    PID:6128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
      4⤵
      Program crash
      PID:7044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
    3⤵
    PID:8208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
    3⤵
    PID:12488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
    3⤵
    PID:3728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        7⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        7⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        6⤵
        
        PID:14900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
        6⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        5⤵
        
        PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44657.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        6⤵
        
        PID:17588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        5⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        5⤵
        
        PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
      4⤵
      PID:16128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32265.exe
        6⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        7⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        6⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
        6⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        5⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        5⤵
        
        PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
      4⤵
      PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
        5⤵
        
        PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        5⤵
        
        PID:17772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
      4⤵
      PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
      4⤵
      PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
      4⤵
      PID:6756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
    3⤵
    PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
        5⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        5⤵
        
        PID:232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
      4⤵
      PID:11924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
      4⤵
      PID:15460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
    3⤵
    PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
      4⤵
      PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
      4⤵
      PID:17024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
    3⤵
    PID:16728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57552.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
        6⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 444
        7⤵
        Program crash
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
        5⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        5⤵
        
        PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58984.exe
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        5⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30191.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        5⤵
        
        PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
      4⤵
      PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
      4⤵
      PID:17656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
      4⤵
      PID:8776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        5⤵
        
        PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
      4⤵
      PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe
      4⤵
      PID:15872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
    3⤵
    PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17401.exe
      4⤵
      PID:12820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
      4⤵
      PID:6516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
    3⤵
    PID:12100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
    3⤵
    PID:16140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
    3⤵
    PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        5⤵
        
        PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
      4⤵
      PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
    3⤵
    PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
      4⤵
      PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
      4⤵
      PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
      4⤵
      PID:17944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
    3⤵
    PID:10916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
    3⤵
    PID:15476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
    3⤵
    PID:9632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
    3⤵
    PID:14352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
    3⤵
    PID:15684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6366.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6366.exe
  2⤵
  PID:4788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
  2⤵
  PID:13300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
  2⤵
  PID:16092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
  2⤵
  PID:17228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5584 -ip 5584
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6128 -ip 6128
1⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6208 -ip 6208
1⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 13640 -ip 13640
1⤵
PID:14716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 12928 -ip 12928
1⤵
PID:14744

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7112 -ip 7112
1⤵
PID:17324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2892 -ip 2892
1⤵
PID:13652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe

Filesize
468KB

MD5
c1dd32a74dc11f37825b56b652d6ed3a

SHA1
bd9ad0b464755390fc4c11e2c87a073c04754828

SHA256
ad827cfe59ad219d4500d992ee452046383b3794188c91625b02d07977eabac2

SHA512
8fee4c308ae26ef6b257cacd899c3c3a1ae5e572b6d5041d0f29e5b37b85c3d6ee1d1f60e9a63521813b581bcf20fd0ab43d2cef640ce49c86e56079eae44c42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe

Filesize
468KB

MD5
04dbc7e762a9197321edc890f955314b

SHA1
fbef3074825a3f0708cf640c8b0cfaf65e74b7c9

SHA256
a75d63d95a99468d12db3cbc53c88df87a857b4ae1ada20627ab77471d0840c0

SHA512
95fa7db8d32e06feca9d4915d79e078ca7f8c0077d8844a15ace10f1d582ae8aef890458f423909deaea1a18ebbc2d77f1b331ba5739c6b8606b01fc9ebcb85a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe

Filesize
468KB

MD5
86f495d7163e82d0432013572da00333

SHA1
0eba454be55cc7b3c00fb61d3bdacb5ccec3e9df

SHA256
7114af63a0fcfd56c3b2de72095ff56212a9e3ffe7a8d9f177078490312f2b05

SHA512
4dc060cdecb8542d2ec26ab8cc9f1babd53384562a0139eb55cc09a5ba3751f4bb2cd52956a438ef20301baca99f59bb02b999a2d63dd7b3239df09c10a7ead6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe

Filesize
468KB

MD5
ef495b8e3a086efe3fe85a95f2c5c90e

SHA1
e17ad6c85243528cdbadd57c06a9f13fb4487f0b

SHA256
d2d06093641aee87fea75a28d9fb23d518c0ee11410ac1c127d0ca92c5b535c0

SHA512
daaf9df711e9caf4c111b667dca6915f9b6ab0dec4dabbd27e16aa97b8406e6e3b230fcf57006c863e0cd123ccc5bf548e06fae337889157b6d0fcee983c677f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe

Filesize
468KB

MD5
5ae036159def5c3bcc38bd163203597c

SHA1
fb2fa97f05bb9878a2cc9b049586182d3c5278e2

SHA256
647b86387f874088d37db0c6af5c3f8a18a1d2f9b9ed45c70f434759887515ba

SHA512
bef207d5fb85964784e005d4cb74bd6cfe62bc3ded3c630df853bbc7d60a325e13383ea949bc45c60bc3257f17055c8cf81d323d602b491bfd42b6f25f8e8200

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe

Filesize
468KB

MD5
96b453d7b526fcf60815b62a95fa0604

SHA1
39e73c7875a0363012a25d39364c840776ffad85

SHA256
5370377e81f57d653f9c64952afaad40415358b5f0852976685d6e99628a781a

SHA512
9517c3560df6830547fc9081e57c13f4422cf9835038f95f3deefa87eed38b6584621e2e2a83a6c1285f1abe7b9ce75423fab1d822b9c9b96c2af3cd01d90372

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe

Filesize
468KB

MD5
fe10f56e11c732a62226897ce2aa40fd

SHA1
7b0ab5d4048d1b89c6c7079de9ab9011276fe691

SHA256
eddab4cb653f2e7b0f3bdac8f32a6756c810a430e81c4a466c42f0c364823576

SHA512
1927f7659358bdfc55d70fedc5805e51a3cad27141330c2ed2ec6dfc4d2b73a700b2c5e1952e95969d74dd03e336570ebeb20b72dd9609c232aff967b7604fec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe

Filesize
468KB

MD5
dee763861bd4f283096ecea92f9ff8bb

SHA1
b9f5c27295439f6507ebcb40cc454e4284e775e7

SHA256
626e3f84c87edc610e36c1b2ab7914d58c9afa3f670e95105434f6f4e96e217c

SHA512
d40ca2bd152b0ea236efcc70f269092c7242b9d18c4a0a929556576973f56e72946212d156bd3cbcd2662f45cc09a7c5ca761c0168d0134ce5ff5828ea199d00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe

Filesize
468KB

MD5
3c6b50f4a6aebfc5a9ca7239569de386

SHA1
76241ac61e74b95024a7c4f5ba343f4eb8bf5d38

SHA256
d0faa671d35aa5f10521fe00f8480be4d7ce55f0372afdcec014ce66960557f0

SHA512
cc7f02bb3cc6a2b9a38ecbc61ee9f6b3d8291d540c7adde39fd0ee5e29fa3617095d4fc0088cdc19321963636cdf9afff531875155081e6ef8002eb477841c8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe

Filesize
468KB

MD5
0fbf348323729f0828b631479ebc4e98

SHA1
5aa7dcb3d49899e791db5403a0f3f0b0297df77e

SHA256
83efa32aa5335b7f8a9efd5ca1e7d9b3c5a99d8a4c760b12a70c801c706c01db

SHA512
01749ebeca430559af92306e1ed5190f3e40fb1474bb4e0821f0a8d98c0f9122bdeba29bef357502d938423ed07e96e9fe75ef6b05ad02b0536cf54190c7239f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe

Filesize
468KB

MD5
4536aa66985f689fac531e6558d2d987

SHA1
f943eee7719eff514f366a01b3960c5e9f34438d

SHA256
c0c440ddb0c2fe2a5547ee9661b2f242d43b40315de285ca394cc1d0187934c6

SHA512
96d81b2443d2913c22886c6e6f857803f8c7af6915fb55168ab7e545ac19897a0f81dd4f55ca95c72fad5af116ccc9c6da20c8a7a76f1fa042151620d7bdb47f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe

Filesize
468KB

MD5
2ba7e5d5a96e9dd3d429565233fa0df1

SHA1
0c89184071401307abc81e53fd3be4ea92259dc4

SHA256
081206c59107f848ef75a12d50fda1e1938366975a84545be39d2cac2ae96353

SHA512
660f96b3340524998bdaeb9c7b165a35dbff4bd755ed20aff0819742f4bca03cbc27b2e516d8facdbdd4fa4dc4d823ae74c74901a8ff22345b5e56caa40204da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe

Filesize
468KB

MD5
2b92953e73f63ffca1a716c6dd0f2b06

SHA1
80cb3ce99a7d78d17b45c31a1bad6af824bbb50a

SHA256
453061c47bd86ee7e27e6df5a54106035107a24f2695664b43aa46252bb445e1

SHA512
6936fb016d5620d99e75896a0a48732651b60571d1b6a7fd0f6fe465ec1ad6861739de75e2c7ce0a8f0edae31d1e89c9de5e160141e5c1c47ccfbf7e8c624d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe

Filesize
468KB

MD5
598896dad2e87bfb44db58d133058160

SHA1
8e2d6ee486cf330cae9ec136a1c5a0ccde0e639f

SHA256
3abfb0cc8409d40c2f8960d710e5f8a573c294b67d8fd217b695ebc9f1ce69e8

SHA512
edebc916608d42519e12cce031d158e1c0edc37772283664192ecd539b8481e5ef8e5c780d8b4a9557c48930478e26c4593a08c2fc465a2fb661537329528426

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe

Filesize
468KB

MD5
c0247f816636b372b9ce2aeed7ad40b4

SHA1
e7eeb2a56f8948846f7c52fb8a036fb1e29db2ee

SHA256
e28afdb55790b3a578dd8b1dd77360122099ed891822e591bda5b6360e985fa3

SHA512
6db1865be5c83404117111ef82834f5b7b229d6d035fdc7ff8860cf0fd70d83934209e7d63302be2e0f762f5824a19c2f96471c6a4cd46b9796cf7ff9ea26ab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe

Filesize
468KB

MD5
b36045dc86f91e6217234d90c5d0608d

SHA1
1683e1fad0695c517a02adc9fbe84a38b5f70e73

SHA256
e2783ff38e39341cc1abc7faea5ce543d0960f5d82a8d7a16a30b72a73e9cc91

SHA512
bfb26aac5160b1e24bb5bf266749dd396e90b6a2771a39a72a359204edf88bc7e19f60a47a7b9da51e9e5985b4e2a45d5f33054b1c76abf357c2d21186ae3937

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe

Filesize
468KB

MD5
d613bb31644397fc5236c5e01a56cc97

SHA1
144f2abc03158e6628338f48b748607b52fb0650

SHA256
9ab81e68c01731cd2aecd3e5f1b9ee135f33f6ca176fa8cfe6e55f0d416aa97e

SHA512
6f4fd28677e22ede0aba427474f2b9491e3f09ee143300167eb70264d4627a4e825eea523b4c8a3d8157def9c045472f7a344b4d40023728e187c12119f2a4d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe

Filesize
468KB

MD5
308cb6d9db21e891cfcd55d682d44c30

SHA1
49c16222a08d1761812daf1c950ae7528659b6aa

SHA256
ff9ff8f9b1dfe987ad14a6d296e192460459398457f7421bdbf09a045041dc6e

SHA512
45ed77989dd4836cc94391bec86c405fd0b1d43acae16af09c9b7290b917ae8e0c67cd710f0596b9f02d32199d51a9932fef47270b29d66e41bbb6d4ff32abfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe

Filesize
468KB

MD5
743f3e1fe2f90bef8e29358caa2a9ac9

SHA1
85277dc540a387b98333b13a62aab4fd575aafe6

SHA256
8a3244c5d449f9037d589c0e2c6a3f23da67e2b371c25e90fb1d5610ae34429d

SHA512
08138a1a2128ac01d551fe836ff4cce06f09ea9ad47e9c81630deebf7c2a39f493e534ff6bd040cbae97380fa741805f97b2cb30e94071ec5ba5ac818be54b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe

Filesize
468KB

MD5
c8717eb5aa8099f5128d825e43290c4d

SHA1
c14320615cb955a8f1331b793fc8047761044e62

SHA256
6afed3a917d86bdef7713e4a2ad85ec6040d1fa8f7ce504403905ac8a6b286d8

SHA512
34bdfc1dda6921eec721fcd733efdda3d5c646324784117bf6bd8bc4a1314dd240aabae840da6ccb2eac48c7030c8251904a1cd7d6bf06c7fdd9cc4d0e5e41e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe

Filesize
468KB

MD5
34b8580618112033a6fed2c36b9739e4

SHA1
83ef58bfb693392aee4613f08541574a387a977b

SHA256
9d71d6f103ae77b9e930697e56d9f81354af5ca68f5c82627ad9a66527b53b9e

SHA512
c493f36a37fffc0662f24cdec602091c315d39fcdf83dc30b5cdaa5779870c22749f89c9a4e47c1282605ff7609feb39e640790211222ef2a9272d711db61175

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe

Filesize
468KB

MD5
c13f4968eea9ba0bffd491aa269e719a

SHA1
2381eb1d428802107512798477157b9b40e98750

SHA256
a57e54b00345a722fed05e38c47eefe25c871238b0efbe91fe017f1b95b591c2

SHA512
d4249003dee1d28f1dda182e6a90f4fec1fcf97c71faa4b3b75727824d51685fbf0bb20883110852745f8ce717ac624978e2ef74b72e251735e7d42914e012df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe

Filesize
468KB

MD5
476155a04dcbe01a76e2f6fcf16ed1c4

SHA1
4c0a95d468287adcf2160780a6d00332743bc896

SHA256
a2c7310a8bf965fc762763b804384347edd64c7ca26f1164f50e28a66c8522fe

SHA512
7aadfee2163e05c3ab51ab8d2c4f3e0c0ee67404e55be661939d2123990b006b3ced31ad370d73b03b1e2a6888368fc28a4e679b801a6cb12f5f0b916f92070a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55201.exe

Filesize
468KB

MD5
b24069247d6d03182458deda949ecace

SHA1
fbc0cc874555c51421c8a3bd19b5ccb94722b491

SHA256
601f9a358e7be526c5cbeeeeac155c44053a80e33a7acc1f1fc99c1548df4c31

SHA512
34420c3f5d9675c87a487f9fd9d3f6dfc6a1bb4098eac45bbf04522f786fdd5b0b3e836c1742abd74d4e984111d7e947d684747432b456625663c388f8b01273

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe

Filesize
468KB

MD5
1de4d1b3f2625f90c0b2b1c80c959690

SHA1
f5bc1d6c33c7451e8c74c5080ac6d31171008764

SHA256
be7563c88a89bd8381d98243ab0911af27313d6926bed28661c9e66c596132ed

SHA512
df77c2c1965faafd6555730cc3b1de4cedbc6dc622917389edadaadeb5f7d8896b35391aa99a59251bfc4f84debf201e3c9e78cab972fe9ce519dbc753f289ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe

Filesize
468KB

MD5
8911df42cffd0ed173ce36c575de83fe

SHA1
34f92ed9014a7aa75a1c6d97c55879800a498a32

SHA256
b4b6d7b4181e13595b4b4320d3d4ba102a391fcd1947415222633e16ed98d574

SHA512
9689f655bd947de278227fc9fe092507465ccbeed16c81acd5a2a78d0e15ef60f6478f85be914fc136340cf6c8c20151a52b5ccfbb05072022f4a3afa59c3ede

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe

Filesize
468KB

MD5
4cc3ee83a0984a3107f8c9618d24bcf4

SHA1
4818822635916636a7a1960906bef5ef687a6e18

SHA256
979a0f0068ac9c206d76f2f451597fa3bfe57c7c171568ea948b10f66de791af

SHA512
674f31c65e399b854333f17fd1f9b5e743a643fcc86c2b22afb20d503af90179715621df841bbad56307373aef47177f133de21136ac490de4e58a2c3a015ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe

Filesize
468KB

MD5
d7bcb302fc4af573f7bb3228ed889432

SHA1
6284e5bf8ee6fa5ac445f22b0adadb9d2805ce17

SHA256
5e589b80d8d4722ddf54c265055b63ec15252ca60d11f17b88f48a53ca05a931

SHA512
f67befeaae61bc0e8a599785b57bf5a59b99aac295d8340e1e837c833320089cf2929b6f4e8aaa64fd61682cfb47039e50af1487264db4fc3b18be281ca81ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe

Filesize
468KB

MD5
6ec3c158c8598fab73a21dcd18e106b4

SHA1
b2aab41cca457557a1498a398a86303d6823def8

SHA256
3e7d5346956ea3e15c7a102c19e15ca5aca4314d72dfbd5300850f54afac2a4b

SHA512
356d8bf7c6a8197d3aa480c49607ea58836689b797a68f4645c076dd64fbd548158f417ffa90a58595624700bb99871911a315e804acd196a9c58c3e484b6462

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe

Filesize
468KB

MD5
49c1f11e1095864a9d3be4f27bcc1c92

SHA1
a3dac78aa0d1a1304d937df821b69281d0865f6d

SHA256
58e184ccdf845cd50873d7f037500298e9a591e85db18653819805f70f1af7c6

SHA512
448487ad6f3af823e219ade5a4ecfd847acf6013f2e4926968775ef19ed6998c809e2580a91aeb0fdd4440e0397ad65f725568b21c5b3cd537f0279fc0c93100

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe

Filesize
468KB

MD5
053b872040278a57966adc02218ba8d5

SHA1
1e3281ebe1e16d49216587be51bae3cca1a896e5

SHA256
5cadee756bd133682880ad865c006a9f737015105de8c64594fdac3d49cde822

SHA512
cf35b405b0b1c71985235ed81fc8c6bf7c0ab59a6e2bd23b60c9016d50c4ac713dcdf7cdbcb52a924fc7576ede46e3b41a5dc94d33e54c89e91a18ad915f82fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe

Filesize
468KB

MD5
a015a78310538c3c2b2fe225826b62ef

SHA1
401ce3129afedd88f4ed7d3a51abed739f80a7f4

SHA256
332aaadb77eeb6bb038e05b4314c86f3a47c505b65cbfa0a03a984a680413872

SHA512
c9534e0f718fb8c1bd8f0126cee3a9396c66c59e8ce8b4bc8365c44d01e8c976430ff5a51ce439a90a30fd9a11135b5ae220ca41c472f05d4700d76d6f6c0560

Download Submit
memory/212-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/224-185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/400-124-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/452-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/456-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/464-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/468-2535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/756-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/848-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1052-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1072-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1168-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1180-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1372-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1452-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1528-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1560-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1564-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1676-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1716-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1728-48-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1784-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1804-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2020-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2260-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2444-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2496-58-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2700-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2772-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-3231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3036-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3088-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3172-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3184-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3204-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3236-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3248-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3336-51-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3360-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3416-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3472-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3520-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3664-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3780-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3880-289-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3904-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3992-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4060-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4104-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4176-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4180-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4360-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4436-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4496-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4584-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4620-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4672-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4680-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4784-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4844-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4964-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4996-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5096-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5268-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5380-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5440-474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5480-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5492-485-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5512-486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5540-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5584-499-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5612-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5644-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5672-516-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5732-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5752-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5760-560-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5828-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5840-537-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5852-559-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5920-561-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/11728-3477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12920-2552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14964-2463-0x00007FFD383D0000-0x00007FFD385C5000-memory.dmp

Filesize
2.0MB

Download
memory/15028-2629-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15160-2454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15204-2458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16380-3491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads