d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe
Size

184KB
MD5

b21e0684b9e10d640b3229cdc7474d43
SHA1

b1e8402ab4749e5371ef55cd5a70a683e4e0d353
SHA256

d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416
SHA512

7becc901c187ebc56ce54651d402d87ab17e519258b220f59436b811fd80c81cce256fc9612d0bfebb82dd8e8fe3addb8e6a58ac8c46ba15e0f75fb5cf8f5947
SSDEEP

3072:KPUQXkon2OqdVX3wgOn8xLz15vnqnxiul:KPwovmVXa8Jz15Pqnxiu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4248	Unicorn-51806.exe
244	Unicorn-64686.exe
3924	Unicorn-12340.exe
2732	Unicorn-32222.exe
1444	Unicorn-15008.exe
2636	Unicorn-60680.exe
4668	Unicorn-61644.exe
3612	Unicorn-19550.exe
4408	Unicorn-49077.exe
1832	Unicorn-35310.exe
1204	Unicorn-47733.exe
3488	Unicorn-18398.exe
3896	Unicorn-34734.exe
4748	Unicorn-1988.exe
636	Unicorn-61660.exe
4216	Unicorn-65486.exe
4900	Unicorn-28708.exe
4260	Unicorn-15710.exe
2396	Unicorn-58972.exe
712	Unicorn-17246.exe
1252	Unicorn-46773.exe
5112	Unicorn-40030.exe
2392	Unicorn-7549.exe
676	Unicorn-7549.exe
3092	Unicorn-16686.exe
216	Unicorn-13886.exe
2912	Unicorn-56293.exe
1672	Unicorn-52645.exe
1088	Unicorn-36692.exe
5116	Unicorn-15556.exe
4800	Unicorn-2365.exe
1984	Unicorn-2365.exe
2844	Unicorn-15172.exe
1076	Unicorn-28907.exe
632	Unicorn-35038.exe
1836	Unicorn-2292.exe
4336	Unicorn-50798.exe
4468	Unicorn-756.exe
1916	Unicorn-17092.exe
1428	Unicorn-17092.exe
4528	Unicorn-14683.exe
5032	Unicorn-20814.exe
4040	Unicorn-21582.exe
1552	Unicorn-1140.exe
1668	Unicorn-53870.exe
3944	Unicorn-7876.exe
4028	Unicorn-10528.exe
3168	Unicorn-60222.exe
1224	Unicorn-1892.exe
3868	Unicorn-60414.exe
4916	Unicorn-60414.exe
1092	Unicorn-40548.exe
3968	Unicorn-4014.exe
4688	Unicorn-34955.exe
376	Unicorn-59838.exe
4372	Unicorn-10637.exe
2676	Unicorn-59765.exe
2488	Unicorn-53900.exe
1432	Unicorn-15822.exe
3792	Unicorn-8622.exe
764	Unicorn-4000.exe
2412	Unicorn-4685.exe
456	Unicorn-4685.exe
3980	Unicorn-4685.exe

Program crash 23 IoCs

pid	pid_target	Process	procid_target
1356	4216	WerFault.exe	111
7772	6048	WerFault.exe	197
7508	6056	WerFault.exe	198
12020	9656	WerFault.exe	454
12012	10648	WerFault.exe
14500	8448	WerFault.exe	396
19344	16724	WerFault.exe	831
11004	5204	Process not Found	1096
20316	6008	Process not Found	1127
9796	7204	Process not Found	391
11692	12164	Process not Found	566
14616	7644	Process not Found	313
15588	12152	Process not Found	569
12472	10076	Process not Found	463
20320	7888	Process not Found	329
9412	15712	Process not Found	760
10856	9024	Process not Found	370
19552	8400	Process not Found	358
8076	8632	Process not Found	403
20140	13508	Process not Found	641
14404	14592	Process not Found	682
9116	9592	Process not Found	451
20164	7248	Process not Found	298

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12638.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6392	dwm.exe
Token: SeChangeNotifyPrivilege	6392	dwm.exe
Token: 33	6392	dwm.exe
Token: SeIncBasePriorityPrivilege	6392	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe
4248	Unicorn-51806.exe
244	Unicorn-64686.exe
3924	Unicorn-12340.exe
2732	Unicorn-32222.exe
1444	Unicorn-15008.exe
2636	Unicorn-60680.exe
4668	Unicorn-61644.exe
3612	Unicorn-19550.exe
4408	Unicorn-49077.exe
1832	Unicorn-35310.exe
1204	Unicorn-47733.exe
3488	Unicorn-18398.exe
3896	Unicorn-34734.exe
636	Unicorn-61660.exe
4748	Unicorn-1988.exe
4216	Unicorn-65486.exe
4900	Unicorn-28708.exe
4260	Unicorn-15710.exe
2396	Unicorn-58972.exe
712	Unicorn-17246.exe
1252	Unicorn-46773.exe
5112	Unicorn-40030.exe
676	Unicorn-7549.exe
1672	Unicorn-52645.exe
216	Unicorn-13886.exe
3092	Unicorn-16686.exe
2392	Unicorn-7549.exe
2912	Unicorn-56293.exe
1088	Unicorn-36692.exe
5116	Unicorn-15556.exe
632	Unicorn-35038.exe
1984	Unicorn-2365.exe
4800	Unicorn-2365.exe
2844	Unicorn-15172.exe
1076	Unicorn-28907.exe
1836	Unicorn-2292.exe
4336	Unicorn-50798.exe
1916	Unicorn-17092.exe
4468	Unicorn-756.exe
1428	Unicorn-17092.exe
4528	Unicorn-14683.exe
5032	Unicorn-20814.exe
4040	Unicorn-21582.exe
1552	Unicorn-1140.exe
1668	Unicorn-53870.exe
3944	Unicorn-7876.exe
4028	Unicorn-10528.exe
1224	Unicorn-1892.exe
3168	Unicorn-60222.exe
1092	Unicorn-40548.exe
3868	Unicorn-60414.exe
4916	Unicorn-60414.exe
4688	Unicorn-34955.exe
3968	Unicorn-4014.exe
376	Unicorn-59838.exe
4372	Unicorn-10637.exe
2488	Unicorn-53900.exe
2676	Unicorn-59765.exe
1432	Unicorn-15822.exe
3792	Unicorn-8622.exe
764	Unicorn-4000.exe
2412	Unicorn-4685.exe
3980	Unicorn-4685.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 4248	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	91
PID 1220 wrote to memory of 4248	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	91
PID 1220 wrote to memory of 4248	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	91
PID 4248 wrote to memory of 244	4248	Unicorn-51806.exe	94
PID 4248 wrote to memory of 244	4248	Unicorn-51806.exe	94
PID 4248 wrote to memory of 244	4248	Unicorn-51806.exe	94
PID 1220 wrote to memory of 3924	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	95
PID 1220 wrote to memory of 3924	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	95
PID 1220 wrote to memory of 3924	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	95
PID 244 wrote to memory of 2732	244	Unicorn-64686.exe	97
PID 244 wrote to memory of 2732	244	Unicorn-64686.exe	97
PID 244 wrote to memory of 2732	244	Unicorn-64686.exe	97
PID 3924 wrote to memory of 1444	3924	Unicorn-12340.exe	99
PID 3924 wrote to memory of 1444	3924	Unicorn-12340.exe	99
PID 3924 wrote to memory of 1444	3924	Unicorn-12340.exe	99
PID 4248 wrote to memory of 2636	4248	Unicorn-51806.exe	100
PID 4248 wrote to memory of 2636	4248	Unicorn-51806.exe	100
PID 4248 wrote to memory of 2636	4248	Unicorn-51806.exe	100
PID 1220 wrote to memory of 4668	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	101
PID 1220 wrote to memory of 4668	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	101
PID 1220 wrote to memory of 4668	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	101
PID 2732 wrote to memory of 3612	2732	Unicorn-32222.exe	103
PID 2732 wrote to memory of 3612	2732	Unicorn-32222.exe	103
PID 2732 wrote to memory of 3612	2732	Unicorn-32222.exe	103
PID 244 wrote to memory of 4408	244	Unicorn-64686.exe	104
PID 244 wrote to memory of 4408	244	Unicorn-64686.exe	104
PID 244 wrote to memory of 4408	244	Unicorn-64686.exe	104
PID 1444 wrote to memory of 1832	1444	Unicorn-15008.exe	105
PID 1444 wrote to memory of 1832	1444	Unicorn-15008.exe	105
PID 1444 wrote to memory of 1832	1444	Unicorn-15008.exe	105
PID 3924 wrote to memory of 1204	3924	Unicorn-12340.exe	106
PID 3924 wrote to memory of 1204	3924	Unicorn-12340.exe	106
PID 3924 wrote to memory of 1204	3924	Unicorn-12340.exe	106
PID 2636 wrote to memory of 3488	2636	Unicorn-60680.exe	107
PID 2636 wrote to memory of 3488	2636	Unicorn-60680.exe	107
PID 2636 wrote to memory of 3488	2636	Unicorn-60680.exe	107
PID 4668 wrote to memory of 3896	4668	Unicorn-61644.exe	108
PID 4668 wrote to memory of 3896	4668	Unicorn-61644.exe	108
PID 4668 wrote to memory of 3896	4668	Unicorn-61644.exe	108
PID 1220 wrote to memory of 4748	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	109
PID 1220 wrote to memory of 4748	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	109
PID 1220 wrote to memory of 4748	1220	d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe	109
PID 4248 wrote to memory of 636	4248	Unicorn-51806.exe	110
PID 4248 wrote to memory of 636	4248	Unicorn-51806.exe	110
PID 4248 wrote to memory of 636	4248	Unicorn-51806.exe	110
PID 3612 wrote to memory of 4216	3612	Unicorn-19550.exe	111
PID 3612 wrote to memory of 4216	3612	Unicorn-19550.exe	111
PID 3612 wrote to memory of 4216	3612	Unicorn-19550.exe	111
PID 2732 wrote to memory of 4900	2732	Unicorn-32222.exe	112
PID 2732 wrote to memory of 4900	2732	Unicorn-32222.exe	112
PID 2732 wrote to memory of 4900	2732	Unicorn-32222.exe	112
PID 4408 wrote to memory of 4260	4408	Unicorn-49077.exe	113
PID 4408 wrote to memory of 4260	4408	Unicorn-49077.exe	113
PID 4408 wrote to memory of 4260	4408	Unicorn-49077.exe	113
PID 244 wrote to memory of 2396	244	Unicorn-64686.exe	114
PID 244 wrote to memory of 2396	244	Unicorn-64686.exe	114
PID 244 wrote to memory of 2396	244	Unicorn-64686.exe	114
PID 1832 wrote to memory of 712	1832	Unicorn-35310.exe	115
PID 1832 wrote to memory of 712	1832	Unicorn-35310.exe	115
PID 1832 wrote to memory of 712	1832	Unicorn-35310.exe	115
PID 1444 wrote to memory of 1252	1444	Unicorn-15008.exe	116
PID 1444 wrote to memory of 1252	1444	Unicorn-15008.exe	116
PID 1444 wrote to memory of 1252	1444	Unicorn-15008.exe	116
PID 636 wrote to memory of 5112	636	Unicorn-61660.exe	117

C:\Users\Admin\AppData\Local\Temp\d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe
"C:\Users\Admin\AppData\Local\Temp\d99090eb3c16e16e1834b831769f3e43e62bb7d36424fb447a229e5562116416.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 720
        7⤵
        Program crash
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        9⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        9⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        9⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        9⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        9⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        9⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        9⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        8⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        8⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        9⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        9⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18603.exe
        9⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        8⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        8⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49144.exe
        8⤵
        
        PID:17628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        8⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        7⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 220
        8⤵
        Program crash
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        7⤵
        
        PID:18384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        7⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        8⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        8⤵
        
        PID:18920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        7⤵
        
        PID:16644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
        8⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
        8⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        8⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        8⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
        7⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        7⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37319.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42225.exe
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61492.exe
        6⤵
        
        PID:18400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        6⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        11⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39159.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:18572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        11⤵
        
        PID:19156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        10⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        10⤵
        
        PID:17416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        9⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        9⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        9⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        9⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        9⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
        8⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
        8⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        8⤵
        
        PID:18320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        8⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        8⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        8⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:19292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46833.exe
        8⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        7⤵
        
        PID:18836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        6⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62193.exe
        8⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        9⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        8⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        7⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        7⤵
        
        PID:16972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        7⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        7⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51672.exe
        6⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
        6⤵
        
        PID:17660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        6⤵
        
        PID:19336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        7⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63992.exe
        8⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        8⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
        8⤵
        
        PID:18984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
        8⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
        7⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        7⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15486.exe
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        7⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        6⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        6⤵
        
        PID:17656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61006.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        7⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        7⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        6⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
        7⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39159.exe
        7⤵
        
        PID:18564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        7⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43775.exe
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        6⤵
        
        PID:18668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        6⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        6⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        6⤵
        
        PID:19168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
        6⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13847.exe
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
        5⤵
        
        PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49077.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        7⤵
        Executes dropped EXE
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
        9⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        10⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
        10⤵
        
        PID:17696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        9⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        9⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        9⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        8⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45809.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        9⤵
        
        PID:17944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        8⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        8⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        9⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        9⤵
        
        PID:17732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
        8⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
        8⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        8⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        8⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        7⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        7⤵
        
        PID:19016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        6⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        7⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        7⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        7⤵
        
        PID:19288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
        7⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        7⤵
        
        PID:18480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21191.exe
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15172.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5776.exe
        9⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
        9⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        8⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
        8⤵
        
        PID:18472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37662.exe
        8⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
        8⤵
        
        PID:19300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26094.exe
        7⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        7⤵
        
        PID:19120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        7⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        7⤵
        
        PID:18360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        7⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
        6⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4992.exe
        7⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        6⤵
        
        PID:19312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33531.exe
        5⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        7⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-327.exe
        7⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        7⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        7⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
        7⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        6⤵
        
        PID:18812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        6⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        6⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64031.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        5⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61336.exe
        8⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1323.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        7⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        8⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
        8⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        7⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        7⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        7⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
        7⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        6⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe
        6⤵
        
        PID:19020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        5⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
        7⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe
        7⤵
        
        PID:18840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        7⤵
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
        6⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34235.exe
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        6⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37151.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:19048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        6⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        6⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
        6⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        6⤵
        
        PID:19200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31960.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        5⤵
        
        PID:18460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        5⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        5⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        5⤵
        
        PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40356.exe
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        5⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        5⤵
        
        PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
      4⤵
      PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
      4⤵
      PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13660.exe
      4⤵
      PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:18924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        8⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        9⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        9⤵
        
        PID:17936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        8⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        8⤵
        
        PID:19192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11208.exe
        8⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
        7⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
        7⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        7⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        8⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        8⤵
        
        PID:18824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
        7⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        8⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
        8⤵
        
        PID:17828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        7⤵
        
        PID:19076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        7⤵
        
        PID:19256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        6⤵
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe
        6⤵
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
        6⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 636
        7⤵
        Program crash
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        6⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        6⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        5⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        6⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        5⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
        5⤵
        
        PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        8⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
        8⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
        8⤵
        
        PID:18992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        7⤵
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63944.exe
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        6⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        6⤵
        
        PID:18592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        7⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        7⤵
        
        PID:17836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        6⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        6⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49887.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45800.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
        5⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        5⤵
        
        PID:16184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        7⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        7⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        6⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
        6⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        6⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
        5⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        5⤵
        
        PID:19404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
      4⤵
      PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        5⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        5⤵
        
        PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
      4⤵
      PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
      4⤵
      PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
      4⤵
      PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
      4⤵
      PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        8⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
        9⤵
        
        PID:17368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        9⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        8⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
        8⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        7⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        7⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        7⤵
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
        6⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54581.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37758.exe
        6⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        7⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        6⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 632
        7⤵
        Program crash
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        6⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        5⤵
        
        PID:18908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        5⤵
        
        PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        7⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        7⤵
        
        PID:19136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        6⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        5⤵
        
        PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52556.exe
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37758.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47887.exe
        6⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        5⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
      4⤵
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        5⤵
        
        PID:18928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
      4⤵
      PID:9768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
      4⤵
      PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
      4⤵
      PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
      4⤵
      PID:1384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        6⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        6⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        6⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
        5⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        5⤵
        
        PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
      4⤵
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        5⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        5⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        5⤵
        
        PID:18808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15486.exe
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
      4⤵
      PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe
      4⤵
      PID:14600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
      4⤵
      PID:6048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 632
        5⤵
        Program crash
        
        PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
      4⤵
      PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5533.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11502.exe
        5⤵
        
        PID:18988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        5⤵
        
        PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
      4⤵
      PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
      4⤵
      PID:18444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe
    3⤵
    PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        5⤵
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
        5⤵
        
        PID:18488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        5⤵
        
        PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
      4⤵
      PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
      4⤵
      PID:16604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
      4⤵
      PID:8072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
    3⤵
    PID:7128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
    3⤵
    PID:9656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 464
      4⤵
      Program crash
      PID:12020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
    3⤵
    PID:13528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
    3⤵
    PID:17484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
    3⤵
    PID:7304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        9⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        9⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        9⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        9⤵
        
        PID:19312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
        8⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
        8⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        8⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        8⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        8⤵
        
        PID:17684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        8⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe
        7⤵
        
        PID:18120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        6⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39793.exe
        8⤵
        
        PID:16724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16724 -s 464
        9⤵
        Program crash
        
        PID:19344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55980.exe
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        8⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        8⤵
        
        PID:18024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65128.exe
        8⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        8⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        8⤵
        
        PID:19308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        8⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        7⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
        7⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        7⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
        6⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        8⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
        8⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        8⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        7⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12615.exe
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45809.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63944.exe
        7⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        7⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        6⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41439.exe
        6⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15851.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        7⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        6⤵
        
        PID:16548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        6⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        5⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
        5⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        5⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        5⤵
        
        PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46773.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        8⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        8⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        8⤵
        
        PID:18016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        7⤵
        
        PID:19068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        6⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        6⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        6⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        6⤵
        
        PID:19180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
        5⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44289.exe
        5⤵
        
        PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        7⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        7⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        6⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        7⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53055.exe
        7⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        7⤵
        
        PID:19164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        7⤵
        
        PID:19192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        6⤵
        
        PID:19352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        6⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        7⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        7⤵
        
        PID:17668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        6⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        6⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55263.exe
        5⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        5⤵
        
        PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63135.exe
        6⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23400.exe
        6⤵
        
        PID:18452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        6⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
        5⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
        5⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        5⤵
        
        PID:18656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        5⤵
        
        PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45809.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        6⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        5⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        5⤵
        
        PID:19148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
      4⤵
      PID:9452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
      4⤵
      PID:884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        7⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        7⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        6⤵
        
        PID:19156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        6⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        6⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19975.exe
        5⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
        5⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
        5⤵
        
        PID:19272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
        5⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        5⤵
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        5⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        5⤵
        
        PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63439.exe
      4⤵
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
      4⤵
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
      4⤵
      PID:16776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        6⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45809.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63944.exe
        7⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        7⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        6⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        6⤵
        
        PID:18552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36209.exe
        6⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        5⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        5⤵
        
        PID:19108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        6⤵
        
        PID:12748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
        6⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        6⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        5⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        5⤵
        
        PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        5⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        5⤵
        
        PID:17724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
      4⤵
      PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
      4⤵
      PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33559.exe
      4⤵
      PID:18600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
      4⤵
      PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        5⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
      4⤵
      PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
      4⤵
      PID:16372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
      4⤵
      PID:8016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        5⤵
        
        PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
      4⤵
      PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
      4⤵
      PID:15808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
      4⤵
      PID:8280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
    3⤵
    PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
      4⤵
      PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
      4⤵
      PID:18464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
    3⤵
    PID:10676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
    3⤵
    PID:13988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
    3⤵
    PID:19036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe
    3⤵
    PID:6460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        7⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65162.exe
        7⤵
        
        PID:19372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57640.exe
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        6⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        6⤵
        
        PID:14136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        6⤵
        
        PID:18996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        5⤵
        
        PID:19008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        6⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        6⤵
        
        PID:18352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        6⤵
        
        PID:18972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
        5⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
        5⤵
        
        PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        5⤵
        
        PID:19024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
      4⤵
      PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46641.exe
      4⤵
      PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
      4⤵
      PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        6⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        6⤵
        
        PID:19328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        6⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44495.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
      4⤵
      PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
      4⤵
      PID:11420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
      4⤵
      PID:16360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
      4⤵
      PID:16136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        6⤵
        
        PID:18504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        6⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        5⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        5⤵
        
        PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
      4⤵
      PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
      4⤵
      PID:15208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
      4⤵
      PID:18608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
    3⤵
    PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        5⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
      4⤵
      PID:9480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
      4⤵
      PID:12932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
      4⤵
      PID:17352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
    3⤵
    PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
      4⤵
      PID:15612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
      4⤵
      PID:16092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
    3⤵
    PID:9664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
    3⤵
    PID:13508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
    3⤵
    PID:17168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
    3⤵
    PID:7476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53870.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        7⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
        7⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65354.exe
        7⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18295.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        7⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        7⤵
        
        PID:18496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        7⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        6⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5575.exe
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        6⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        5⤵
        
        PID:16328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        5⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63944.exe
        6⤵
        
        PID:18128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
        6⤵
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        5⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        5⤵
        
        PID:19268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
      4⤵
      PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
      4⤵
      PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
      4⤵
      PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe
      4⤵
      PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
      4⤵
      PID:1112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9293.exe
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        6⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
        6⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        6⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3790.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        6⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48533.exe
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
        5⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        5⤵
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        5⤵
        
        PID:18160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
      4⤵
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
      4⤵
      PID:17464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
    3⤵
    PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
      4⤵
      PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
      4⤵
      PID:17280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
      4⤵
      PID:18292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31541.exe
    3⤵
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
      4⤵
      PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
      4⤵
      PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
      4⤵
      PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
    3⤵
    PID:10940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
    3⤵
    PID:15032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
    3⤵
    PID:18820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47887.exe
        6⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        6⤵
        
        PID:19120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        5⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32856.exe
        5⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        5⤵
        
        PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
      4⤵
      PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
      4⤵
      PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
      4⤵
      PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
      4⤵
      PID:19276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
      4⤵
      PID:7396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62661.exe
    3⤵
    PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
      4⤵
      PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        5⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        5⤵
        
        PID:19128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
        5⤵
        
        PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
      4⤵
      PID:12928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47032.exe
      4⤵
      PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
      4⤵
      PID:16164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
    3⤵
    PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
      4⤵
      PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
      4⤵
      PID:17992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
    3⤵
    PID:12056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
    3⤵
    PID:16352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
    3⤵
    PID:19148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
    3⤵
    PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
      4⤵
      PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
      4⤵
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
      4⤵
      PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40479.exe
      4⤵
      PID:17548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
    3⤵
    PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
      4⤵
      PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
      4⤵
      PID:8276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
    3⤵
    PID:10976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
    3⤵
    PID:15016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
    3⤵
    PID:19032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
  2⤵
  PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
      4⤵
      PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
      4⤵
      PID:16624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
    3⤵
    PID:8596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
    3⤵
    PID:11996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
    3⤵
    PID:16696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
    3⤵
    PID:6164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
  2⤵
  PID:6528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
  2⤵
  PID:8348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
  2⤵
  PID:13420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
  2⤵
  PID:17432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
  2⤵
  PID:19328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4216 -ip 4216
1⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6056 -ip 6056
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6048 -ip 6048
1⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 9656 -ip 9656
1⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 10648 -ip 10648
1⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 8448 -ip 8448
1⤵
PID:13820

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe

Filesize
184KB

MD5
1f0ca7e21c2f1026cc5ea37e433d2015

SHA1
69743cec24fd5cf6d1339998310d33ff0e4c43b8

SHA256
6b7ff3fcade2eec0f05909924709156682246a9252ffd89e535905f5181319a4

SHA512
996b6683ab6d0c745e4b27f9f1b80858a4e15d7d3ea9459f63e0c1a98ad28d5a9e61174e0be92ffdd730a91525b0f37d8c5db0cee2ba81ad6de53ddeee8ee032

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe

Filesize
184KB

MD5
a87a504b213b9d758ae83ccf85ad2358

SHA1
cc30437e1d561905ee66a26eaead9406e70422c3

SHA256
351fee6fb21424aaf5a1be65c47fa7f7f2c947141724a6927f1691405ea2e61b

SHA512
cf7648dd6fc10d6462b0abbbf8e01f4f4a76b51b7b0a0516a73d2951a02dedf26af616c02454e2d1c8fdb4258b709d719109a5c71bc2a0d6faef32d31aab06e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe

Filesize
184KB

MD5
45399827c2b4a5fd0473134ffda57a32

SHA1
eef59444f2820830d6037024ceeccf53e88e0d11

SHA256
05644901a14fe9847ac7781b92735cde80112f112299070b625f2e7ec4744c4d

SHA512
7218362a5bf89fcc939c00a3b08634adae53fa4d22cc606657135550d8af45139e91d29649bcd7343340f09dd9129f1c5f647976ed706026842af9cc9281d561

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe

Filesize
184KB

MD5
889fe57830bfd38d3dc199b88444e06c

SHA1
39afa6ea5be2dcb61989394fbb1c5eb819a42e38

SHA256
ac3e8395da772d527585bd93fefca2087cb7a378bfd5091329bb9a9000ebe3f4

SHA512
ffe28a3012695fbba74dce90b450fd88bb77d75d941024e40b80d7ae6517370bba35b365cdd03473a0082e204d156c03bf503af4b75f8b8383863da41eb6dbce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe

Filesize
184KB

MD5
aef13fa6927159e1eadcea86f82a953b

SHA1
d0f9aa93e82d2c0109dcf336b04948fa70501a41

SHA256
f58d7fe37d7ace28f053e446c0114729288caa86a948e85585e1b2d1c14d509c

SHA512
6107c32730663aa63d0f87bf69e3e3ae4424c53fdc4c68f9f5418adb77c81e59ceb0a1eaf029bcbd6d98a5027f98e12d1ce8be0dc859e3a3f85b9a47b2c9a859

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe

Filesize
184KB

MD5
93805657aea80d84d8966aab91ab55f0

SHA1
8bf2629e0f710b214e940d977647e027162561ad

SHA256
034efbd05631f3927013936c0dcf0ab33dc539bfab6b7a89109173fa28e3a046

SHA512
0223c1d0f2bd0bc1fa5e0e80656e7d422a042028d16fe79305e941dc233f4ab8eac04cc486a14c05147b8a0544c6570e8d6f8e842566a618f8dc13808cc4b816

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe

Filesize
184KB

MD5
01d2b4564602076d209922ca1108975c

SHA1
2dcd70c81914a7e305899e26876665a091fdb57d

SHA256
8bf82507ace63a7d6aad11a3883a7b8f179f8877bf0f6bfc69f744824b8e6fd1

SHA512
96b15b8330aa62098e146a40720be865385df2dc17d9f1c6a0bf1d4beeb89b81f150d3ea45479e17a80f3a6c97ca4a8048dbb47f02277ba0b68538437bfa1796

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe

Filesize
184KB

MD5
92ed23c214696743e69a0620a6ee5f69

SHA1
d715b667e16d58935637f27c8a6341da3d2b115e

SHA256
5e02b74c7d0427fcbe7b71160caf2651bdbc1d9dc58482eb498d1ba9443d1e7e

SHA512
166972b5c53443bfcfa2c846710a7fc6d069d68193966c7a44fd39bae527abaee4ec0682c8f6cae0c4ec9fe167d680b8a9718700f72d06a0b18c99ba1c435801

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe

Filesize
184KB

MD5
7c420d03c3735c5f02b37fd814699755

SHA1
5c9e41fcbaa46f0fd5e1a133281e7e4938fc511b

SHA256
60373747381b9e12f37292eb6355ae9111b666c1c6a553a122997a29c6170a94

SHA512
67a650a92527677ace832ec27266c9b44c8b43b5f436cceb61d38a0d13bfb11aa69c3c8ff1f9d429510e43c119ab6eaf7c9bd895de4ff583720ff4af610e9b94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe

Filesize
184KB

MD5
cbc6c82e2d330d45d18dc9c67f6f6b25

SHA1
085d858837a06ad2bae469e001749fd6e6e865aa

SHA256
d599075f76b1710e71356693e188b5232507bded308109e1f7f090634976c1fd

SHA512
38ad2cba306c62d69f3df052c939e0dd98a01e6b6cff3a06082a308efabeb0223081bea39ee0df7e8d7e22dc762d774d6bb9501a86ac942e0e6a9d8a0bbe0422

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe

Filesize
184KB

MD5
1caa6561c969a2e4fc218b4f7a1119aa

SHA1
c9bbd138cb3b0118029dfd36f61f7316fd7a8d1f

SHA256
df248269a88568f8a6b485a2ccd2d787aad5a4c2910f7367c6bd94941db659ca

SHA512
d0ea78cb3625dbb876d0cd782b8f4944ca3bb85dcb415161b76f068a7b9c2fda5a829ecbe8b5f5aa4de572fe6c9885f84b03682346b24aa4af3e91e340e1cd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe

Filesize
184KB

MD5
4da778c7f8af30ef761cb5320c0cd27e

SHA1
5f1e2a90aaffb43835ad1927fa08f1a21e3d188a

SHA256
e289927be3202f0e791b4c8ef72ed173fccc3118848e960479171cecd9c137eb

SHA512
4a6ec5233c63f57bbd3cdc42142c7445308dc4c9ce1cd6b1b0dbc103caa223365b31b615a073218a6d6b8f2ed1d06ad946d0fc1e02e7508a20107c55e1858d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe

Filesize
184KB

MD5
38a680baa8b20f39702756d1454a10e1

SHA1
6870dcdbb812346beb80b204a50de60554a829af

SHA256
7be52d7d003064e4839398c796cc4656991fc6f0ba10c592a4b09784d3e99f14

SHA512
d717d4108da7838dfdfcb13e49b943376f7444fd08c73c114022f86cc71a810924a1a49a1e08c61e46a4ba9f84e21344891c711e412d15103d7e41a0b6a3bc65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe

Filesize
184KB

MD5
b8d2b21636f082849a26bab5d17f3ae9

SHA1
811edf3a3a045dc26bd35ba2811b5faa5dfac1d4

SHA256
67d3ab6a8075e786b834dd44b1e60252938e1aebb98d0428a92e805bf6d437f9

SHA512
af55d199c58b411dbcd127f91bde48c80699676ba482cae5af31fe7c109481426ce82ddb5fc1311f69cbcba8aaaa1ffe5e21b25f1bbed1379b216e8fca5028ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe

Filesize
184KB

MD5
db6b0ceb696e87ca8484f56295191059

SHA1
c30615a8dd64070a24e733d328b1ae6d41b0e043

SHA256
22a9dc79e79da8127a3b6bbf09549f3295cf68e3e0d22add5a546653e2b72119

SHA512
ff36d323ad5b55a195b7939b7379e273a18979784356f20556ae8d1254d5f700d683f536504194021e73a88883f8623d9859cd6c55d0acc0c9516a6e6e371989

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe

Filesize
184KB

MD5
65c162ca26f79b917121241381621f7c

SHA1
8235d7d89a7229279b49ca6813a61d2912983118

SHA256
54c9d1db9e0de8278e1592889816f656148adf4085b8b1f8ba8ef5041f0a8716

SHA512
3977e0ccb4a0e2fb46aee4e46bbd8eba1cbded5f2b42f8ba4bbba5eb8cbe30130599fbe8d05e61868738702c4c2341ab1566cb90f014df1b41630f0e9ded9ffa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe

Filesize
184KB

MD5
7d88359ff83e62d82e6f86daa5af0a56

SHA1
4a76680576a4a990a60794594c862912258c7a4f

SHA256
9392642f332bf7e7494473c5517920a675defbe0ed330813252e180911aab770

SHA512
0e8db761dce2020fb72f0163307239ad2c974a3bebc790736a6732fe32708415705c94c7e1511f6f5103733d383bd606bab11f558735cb4a56b142627c92b2e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe

Filesize
184KB

MD5
96eeb4909d5083d38e2bb82a41a38959

SHA1
1ca76998c2323eb06d36bc6e2a5e2d690ad8b90e

SHA256
e7aef419c99034589c366d66a64fd94bb6ab84fe7e6b15f76da815fa138d450c

SHA512
0a25641a6ba51297c1071d799549d4001add47f1f7f7d90c32458f3253568941eec05851690281a045cea9151f73d9739f5203d6f2213b5d8d722d5ca0d09cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe

Filesize
184KB

MD5
16c333ff7f644cda6bf7d0b3fddc1799

SHA1
65fd429fbaa968b8844261165bfa79ba78895e5a

SHA256
67b1445ccebc3933bcef9f9f269a0fa6fd0303bfa0beeb9b4be07ee92a4fd822

SHA512
617ec78a6eb9ed2b9c60f61d48bda888c9d73c3e759e64a47537a7f278c1ed2718b75c7ad947b04743adc1632d8954403fbc243fb91c667806b358a1e1a85bbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe

Filesize
184KB

MD5
0eb791e66c6455dc4448a06392f94820

SHA1
b693c7c9d87abb672a38f32116bb533b3adad84b

SHA256
42a166a70221676c84af22a9e8da9c6fbdc8ae72b448e0a1de5213aac00abbcb

SHA512
3ee62271bce48b83d211b14a23d7096d99904d7bf3a5755b8ac0cd2c11909bd066157be1e9295220c211d03187bdc988ebd24ee72aab749f3b11e63eb6e8d778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46773.exe

Filesize
184KB

MD5
b82cf2f464509a34cb5679627e1461be

SHA1
3a0775a08e86d717d692dd3c70891a4531d1dc99

SHA256
d6c6c63ceee12bb0752426d90cb97057cdee82522032228e4d86d526bcf12fd5

SHA512
676c545dd9555f232a5d2eb4571dbf29c7020502cfd3917bbfba0844a8f1c41ab286ae7206330a86450fc93dc854a3f2eb7998f462ab7f460bb1ce768e2bc63d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe

Filesize
184KB

MD5
8c58d8f057834723f131509ebc8fbe9d

SHA1
504df12011e97a1228da0ebddd3bc9dc9b79fad3

SHA256
f48d782e0f1fce355f66fa46b8a6f0e86cc1a5007e2f6f8711892dc5d625177b

SHA512
c5b8cb4a479015dc637bfcb41cd8a0ae708688dc238e003468ffc0c4ab0b1770027e581ebecf4d32900d0599cb14cfc78e75b27216f63495bf0eda650e8462ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49077.exe

Filesize
184KB

MD5
1978bea096baabdc96dc0c4f55e2c5e0

SHA1
0ab5b64eb9714270a74124fe245a0f9069b4c58a

SHA256
34e539dfcd26a1421c02c654d9cfeaef03a7ff88afac0b49b7c0e31c3ac03fda

SHA512
e3780d837ae5f6931f3304da8d13e552664a9989183429ca7d9efe57626b240ac68614577c6b9994b6f4021fb611e8cea9c16096458287a200d989be8d1fe830

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe

Filesize
184KB

MD5
1848d529f4de3e71cbd428c6f9d19018

SHA1
25c710029a6300b2e76b602be4cff002c26d674b

SHA256
36f4a354517feea17445405bfef15c3ade7d552db5375805f57424d240d5b4d5

SHA512
be835b2b2efbcff15c904fb1349a284b55556f4d08f1885cee1e9f608cf98517f86f4a54cf27494151de33e5d2a010c4928c8385f8acaccce8106c4e5bff2f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe

Filesize
184KB

MD5
a919aee7061f4066625c515c31deeb7c

SHA1
4d17a7021c5f5bbfbfa8941fe93632b5dbac3c8e

SHA256
f406ff851840d8bd303acc5475a29cb2db7389530f0baafab5c172f62cdaea97

SHA512
49579dce5c4f6f4bd7764113e2076e37356d2d8b7c431966827f27ee671c6c9cb1a6fc088b26645c4963a0270cd483cc2d01c14c4a66eddb4dd8d70dd4f25615

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe

Filesize
184KB

MD5
de8ca0e9226ab45fbaefe2eb3baaea4c

SHA1
071e18a1fd544077f689814ea54362eb051c5938

SHA256
91a43060af1e595597c3147f115fa77ad12adbe4fb4f2e4885fd3d6d16059080

SHA512
a8d400121ac8febc080226fbac077ce18c661e9b08ff4cff56c1383ff75666edc7cd47973d67e2f019e3a37c20f9bd49cc1f21ad7f62e5e4b44d5f5a285f49f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe

Filesize
184KB

MD5
0495fd6b3c7d4df2f841f8de8216c85e

SHA1
f14a86a43058eec7a26dc6e80cb08776594f7a9d

SHA256
9a3083676a753c605741a8584cdc84ec354fb069fb8063814117c144f77a34f5

SHA512
6aa0eea4bb1e52029da3cd36ff2f391ff83a6e1abb4b6445b4ea59ca3a4546a64edad44fa429811ef36dfa31b5466fbad509b97cab77c1845a02d6421f53aefe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59217.exe

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe

Filesize
184KB

MD5
de20a26a64dae65ab1a12a69f27b4b15

SHA1
8efa895cfe6c819dbd69d4be624e7b42a003e629

SHA256
f8348c0e24c42712a9c89cf9b9b511bfa3a989525317c053ad62243ae2222775

SHA512
7339b91619dc14ba5be4f0e7bc6b0aaf7ded93bcf0cea959520de5a405112e726b1bd9ee605833a49ceb7b7f0e76e1cdd55a2e3be0a26e88f839c0ed34756886

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe

Filesize
184KB

MD5
fb1f5fe560533734bfba672713355f72

SHA1
7b76d625a3f63d401d7ad1e240f1e035aeaf0da5

SHA256
0420b5fd039be7ae5498a277cbc088747e516203e7756eb1b601456ee6179431

SHA512
2b5177064211ca53e9160954aae3a705a817d9ff99dab308be526b2d659afac1262cc79c969f2ed49a2dfdd2a705419cc676876a8f20a2d556e5940819a5b9ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe

Filesize
184KB

MD5
f6ac362251e0373966e42f48cb3bf5a0

SHA1
e35f20f0022b451e233b02f808d294a74ed963eb

SHA256
308622e592d71c05350427f2977365239fcf34596ae7e73b0cc47a21c89922b4

SHA512
e708c204f11cdde5ecf75a73ef56906a292196d15d2f1b66c1877e198b6a6d9ae02d3e146402a4a1460318f8fb3fb4ecada386ed15e885244702c674133ac2a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe

Filesize
184KB

MD5
38913d668a999b5cc0d6006f7c89747f

SHA1
dfc8adfbf94a9726873587ff9d8c94a2d655ccba

SHA256
ab68f8db1974579c61019708d1fccb5f9808f09aabd932eaa660ab14f2850abb

SHA512
41f7f7db1dad7e09055b987aa07fb7aca35d669c94e473d11d6d47deb30cdfc3d62158bf75fca22b57067c1c71a438d1a2bcc034613e1847d0096fd82dd3ddea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe

Filesize
184KB

MD5
2c79e393b1dd5cb60aa41d6313a28797

SHA1
10adfe8f8b29991e3a84e619f7231e6d9b4087fb

SHA256
ed55b1871fb8949f4b225b8943b95add275bc7a83b1cd2d897bf2b82b8da224b

SHA512
39a998e1da0de98de66187834f40ab947cd2d74fa36d2602f0899b4df6f260e9bd59bf000d8d522588a5824daaa48c5686e5d648395e65929c1d28193fda6dfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe

Filesize
184KB

MD5
f0260f7760684a4b8a359972d69749eb

SHA1
a2abdac361ef30af3bb28d6b0fd7408fb8b468e9

SHA256
d3f7401a45b96d87e5afbb242955387c804579dc76c17f30630cd389e553ee30

SHA512
1828a09cd26fd21643c30d42be47b0bf4c52be88e2576b5eda9c6485a5a6d54b979e886856dc81e79b7742b44245a7078397eda5e897f8e382d3f6f3ae575285

Download Submit
memory/3896-5788-0x0000000074ED0000-0x0000000074F6F000-memory.dmp

Filesize
636KB

Download
memory/7472-4276-0x00007FFD9C3B0000-0x00007FFD9C5A5000-memory.dmp

Filesize
2.0MB

Download
memory/11168-5493-0x0000000075980000-0x0000000075998000-memory.dmp

Filesize
96KB

Download
memory/14496-5494-0x0000000076E80000-0x0000000076EA4000-memory.dmp

Filesize
144KB

Download
memory/15372-5368-0x00007FFD9C3B0000-0x00007FFD9C5A5000-memory.dmp

Filesize
2.0MB

Download
memory/15392-5496-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17240-5791-0x00007FFD9C3B0000-0x00007FFD9C5A5000-memory.dmp

Filesize
2.0MB

Download
memory/18736-5491-0x0000000076230000-0x00000000762A5000-memory.dmp

Filesize
468KB

Download
memory/19068-4690-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads