cb4d6c359e4c19ad58e8b71d5089a501030cec9a88d4560fc3bd1f2fe227d1c2

Analysis

max time kernel
111s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e520dc58f5ca5186b4633bbb0fbbe980N.exe
Size

184KB
MD5

e520dc58f5ca5186b4633bbb0fbbe980
SHA1

0c08b033e9330a052009c337297b5c0677f51193
SHA256

cb4d6c359e4c19ad58e8b71d5089a501030cec9a88d4560fc3bd1f2fe227d1c2
SHA512

b02ad1d1cbb03c30cbfaf17a10fd97fb28297ff0e43f66aaf312019c1062877b04eb2c77b1a43f01649f209e6fd174e92104aabe8347095f33a83b19b0b7acb3
SSDEEP

3072:Aq//+Do3p/d8DdrwTxwK5Y8TsNvnqnviu:AqeoI5rw95dTsNPqnviu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4796	Unicorn-14597.exe
3752	Unicorn-45070.exe
2716	Unicorn-17036.exe
2240	Unicorn-31230.exe
3064	Unicorn-31230.exe
3548	Unicorn-15448.exe
4944	Unicorn-21015.exe
1984	Unicorn-1629.exe
1304	Unicorn-1629.exe
2460	Unicorn-1629.exe
1652	Unicorn-1629.exe
2216	Unicorn-58733.exe
2808	Unicorn-43216.exe
5096	Unicorn-52868.exe
3968	Unicorn-23436.exe
1008	Unicorn-45519.exe
4664	Unicorn-64277.exe
4888	Unicorn-4870.exe
1192	Unicorn-62239.exe
380	Unicorn-62239.exe
3976	Unicorn-62239.exe
1836	Unicorn-62239.exe
3392	Unicorn-21207.exe
1936	Unicorn-28612.exe
3520	Unicorn-17677.exe
4264	Unicorn-37278.exe
1784	Unicorn-17677.exe
4436	Unicorn-17677.exe
4472	Unicorn-17677.exe
2828	Unicorn-3474.exe
3604	Unicorn-23630.exe
2700	Unicorn-49167.exe
4920	Unicorn-49167.exe
2040	Unicorn-65119.exe
404	Unicorn-137.exe
2188	Unicorn-61590.exe
1408	Unicorn-137.exe
2872	Unicorn-32255.exe
3176	Unicorn-52675.exe
5108	Unicorn-7677.exe
2940	Unicorn-65311.exe
3132	Unicorn-45446.exe
4480	Unicorn-329.exe
4768	Unicorn-61035.exe
4372	Unicorn-52867.exe
4548	Unicorn-4056.exe
3224	Unicorn-54574.exe
1872	Unicorn-734.exe
3744	Unicorn-12986.exe
2324	Unicorn-15024.exe
3020	Unicorn-1289.exe
1476	Unicorn-8902.exe
1956	Unicorn-39529.exe
348	Unicorn-53827.exe
4960	Unicorn-24277.exe
2952	Unicorn-2964.exe
2596	Unicorn-37491.exe
1376	Unicorn-37491.exe
2384	Unicorn-43613.exe
1968	Unicorn-18549.exe
4088	Unicorn-46583.exe
64	Unicorn-62535.exe
4384	Unicorn-45437.exe
5000	Unicorn-3002.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
5280	2940	WerFault.exe	137
7768	6908	WerFault.exe	263
8744	7868	WerFault.exe	354
8916	7724	WerFault.exe	355
8928	7844	WerFault.exe	356
3628	7868	WerFault.exe	354
4948	7844	WerFault.exe	356
8964	7724	WerFault.exe	355
17836	18140	WerFault.exe	904

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61590.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,17110992,7202269,41484365,17110988,7153487,39965824,17962391,508368333,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5888	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	12068	dwm.exe
Token: SeChangeNotifyPrivilege	12068	dwm.exe
Token: 33	12068	dwm.exe
Token: SeIncBasePriorityPrivilege	12068	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe
4796	Unicorn-14597.exe
3752	Unicorn-45070.exe
2716	Unicorn-17036.exe
2240	Unicorn-31230.exe
3064	Unicorn-31230.exe
3548	Unicorn-15448.exe
4944	Unicorn-21015.exe
1304	Unicorn-1629.exe
2460	Unicorn-1629.exe
2808	Unicorn-43216.exe
1652	Unicorn-1629.exe
5096	Unicorn-52868.exe
2216	Unicorn-58733.exe
1984	Unicorn-1629.exe
3968	Unicorn-23436.exe
1008	Unicorn-45519.exe
4664	Unicorn-64277.exe
4888	Unicorn-4870.exe
1836	Unicorn-62239.exe
380	Unicorn-62239.exe
3976	Unicorn-62239.exe
1192	Unicorn-62239.exe
1936	Unicorn-28612.exe
3392	Unicorn-21207.exe
4264	Unicorn-37278.exe
4436	Unicorn-17677.exe
3520	Unicorn-17677.exe
1784	Unicorn-17677.exe
4472	Unicorn-17677.exe
2828	Unicorn-3474.exe
3604	Unicorn-23630.exe
4920	Unicorn-49167.exe
2700	Unicorn-49167.exe
2040	Unicorn-65119.exe
404	Unicorn-137.exe
1408	Unicorn-137.exe
2872	Unicorn-32255.exe
2188	Unicorn-61590.exe
3176	Unicorn-52675.exe
2940	Unicorn-65311.exe
5108	Unicorn-7677.exe
3132	Unicorn-45446.exe
4480	Unicorn-329.exe
4768	Unicorn-61035.exe
3224	Unicorn-54574.exe
1872	Unicorn-734.exe
4960	Unicorn-24277.exe
3744	Unicorn-12986.exe
348	Unicorn-53827.exe
3020	Unicorn-1289.exe
2324	Unicorn-15024.exe
1476	Unicorn-8902.exe
2596	Unicorn-37491.exe
1956	Unicorn-39529.exe
4372	Unicorn-52867.exe
2952	Unicorn-2964.exe
2384	Unicorn-43613.exe
1376	Unicorn-37491.exe
4548	Unicorn-4056.exe
4088	Unicorn-46583.exe
1968	Unicorn-18549.exe
64	Unicorn-62535.exe
4384	Unicorn-45437.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 4796	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	92
PID 2656 wrote to memory of 4796	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	92
PID 2656 wrote to memory of 4796	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	92
PID 4796 wrote to memory of 3752	4796	Unicorn-14597.exe	95
PID 4796 wrote to memory of 3752	4796	Unicorn-14597.exe	95
PID 4796 wrote to memory of 3752	4796	Unicorn-14597.exe	95
PID 2656 wrote to memory of 2716	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	96
PID 2656 wrote to memory of 2716	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	96
PID 2656 wrote to memory of 2716	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	96
PID 2716 wrote to memory of 3064	2716	Unicorn-17036.exe	99
PID 2716 wrote to memory of 3064	2716	Unicorn-17036.exe	99
PID 2716 wrote to memory of 3064	2716	Unicorn-17036.exe	99
PID 3752 wrote to memory of 2240	3752	Unicorn-45070.exe	98
PID 3752 wrote to memory of 2240	3752	Unicorn-45070.exe	98
PID 3752 wrote to memory of 2240	3752	Unicorn-45070.exe	98
PID 4796 wrote to memory of 3548	4796	Unicorn-14597.exe	100
PID 4796 wrote to memory of 3548	4796	Unicorn-14597.exe	100
PID 4796 wrote to memory of 3548	4796	Unicorn-14597.exe	100
PID 2656 wrote to memory of 4944	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	101
PID 2656 wrote to memory of 4944	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	101
PID 2656 wrote to memory of 4944	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	101
PID 4944 wrote to memory of 1984	4944	Unicorn-21015.exe	105
PID 4944 wrote to memory of 1984	4944	Unicorn-21015.exe	105
PID 4944 wrote to memory of 1984	4944	Unicorn-21015.exe	105
PID 2240 wrote to memory of 1652	2240	Unicorn-31230.exe	107
PID 2240 wrote to memory of 1652	2240	Unicorn-31230.exe	107
PID 2240 wrote to memory of 1652	2240	Unicorn-31230.exe	107
PID 3548 wrote to memory of 1304	3548	Unicorn-15448.exe	104
PID 3548 wrote to memory of 1304	3548	Unicorn-15448.exe	104
PID 3548 wrote to memory of 1304	3548	Unicorn-15448.exe	104
PID 3064 wrote to memory of 2460	3064	Unicorn-31230.exe	106
PID 3064 wrote to memory of 2460	3064	Unicorn-31230.exe	106
PID 3064 wrote to memory of 2460	3064	Unicorn-31230.exe	106
PID 4796 wrote to memory of 5096	4796	Unicorn-14597.exe	108
PID 4796 wrote to memory of 5096	4796	Unicorn-14597.exe	108
PID 4796 wrote to memory of 5096	4796	Unicorn-14597.exe	108
PID 2656 wrote to memory of 2216	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	109
PID 2656 wrote to memory of 2216	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	109
PID 2656 wrote to memory of 2216	2656	e520dc58f5ca5186b4633bbb0fbbe980N.exe	109
PID 2716 wrote to memory of 2808	2716	Unicorn-17036.exe	110
PID 2716 wrote to memory of 2808	2716	Unicorn-17036.exe	110
PID 2716 wrote to memory of 2808	2716	Unicorn-17036.exe	110
PID 3752 wrote to memory of 3968	3752	Unicorn-45070.exe	111
PID 3752 wrote to memory of 3968	3752	Unicorn-45070.exe	111
PID 3752 wrote to memory of 3968	3752	Unicorn-45070.exe	111
PID 2808 wrote to memory of 1008	2808	Unicorn-43216.exe	112
PID 2808 wrote to memory of 1008	2808	Unicorn-43216.exe	112
PID 2808 wrote to memory of 1008	2808	Unicorn-43216.exe	112
PID 2716 wrote to memory of 4664	2716	Unicorn-17036.exe	114
PID 2716 wrote to memory of 4664	2716	Unicorn-17036.exe	114
PID 2716 wrote to memory of 4664	2716	Unicorn-17036.exe	114
PID 1304 wrote to memory of 4888	1304	Unicorn-1629.exe	113
PID 1304 wrote to memory of 4888	1304	Unicorn-1629.exe	113
PID 1304 wrote to memory of 4888	1304	Unicorn-1629.exe	113
PID 5096 wrote to memory of 380	5096	Unicorn-52868.exe	117
PID 5096 wrote to memory of 380	5096	Unicorn-52868.exe	117
PID 5096 wrote to memory of 380	5096	Unicorn-52868.exe	117
PID 1984 wrote to memory of 1192	1984	Unicorn-1629.exe	115
PID 1984 wrote to memory of 1192	1984	Unicorn-1629.exe	115
PID 1984 wrote to memory of 1192	1984	Unicorn-1629.exe	115
PID 2460 wrote to memory of 3976	2460	Unicorn-1629.exe	116
PID 2460 wrote to memory of 3976	2460	Unicorn-1629.exe	116
PID 2460 wrote to memory of 3976	2460	Unicorn-1629.exe	116
PID 1652 wrote to memory of 1836	1652	Unicorn-1629.exe	118

C:\Users\Admin\AppData\Local\Temp\e520dc58f5ca5186b4633bbb0fbbe980N.exe
"C:\Users\Admin\AppData\Local\Temp\e520dc58f5ca5186b4633bbb0fbbe980N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        8⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
        9⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
        10⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
        11⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        11⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        11⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        10⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        10⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
        9⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
        10⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        9⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        9⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
        9⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
        10⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        9⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
        9⤵
        
        PID:17952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        9⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        8⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        8⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        8⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        8⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        9⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19511.exe
        10⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        9⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        9⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2214.exe
        9⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
        8⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        8⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        8⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
        7⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        7⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        9⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        10⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        10⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        10⤵
        
        PID:18328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        10⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
        9⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19862.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        9⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
        8⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
        8⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34465.exe
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        9⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        8⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        8⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        7⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12561.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        7⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        8⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        8⤵
        
        PID:17856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe
        7⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        7⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15285.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        7⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        7⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
        8⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        9⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        8⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        8⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        8⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        8⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        7⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        8⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        8⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        8⤵
        
        PID:18028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
        7⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        7⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        7⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        7⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        6⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        8⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        9⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        8⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        7⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        7⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
        7⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        6⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64559.exe
        6⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 464
        7⤵
        Program crash
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        6⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        7⤵
        
        PID:16724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        6⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49927.exe
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
        5⤵
        
        PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        8⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
        9⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        10⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        9⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15965.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        8⤵
        
        PID:16880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        8⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        7⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-625.exe
        6⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
        8⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42790.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        6⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        7⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-780.exe
        7⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        7⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        6⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
        6⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        6⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        7⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        7⤵
        
        PID:18032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        6⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
        6⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        5⤵
        
        PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8918.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        8⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        7⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        7⤵
        
        PID:17480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        6⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21045.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2214.exe
        7⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        6⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        6⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        5⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
        5⤵
        
        PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        7⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-780.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        6⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        6⤵
        
        PID:18484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        5⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
        5⤵
        
        PID:14416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-780.exe
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
      4⤵
      PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
      4⤵
      PID:14892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        8⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59582.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
        6⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        6⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        9⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        8⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        8⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
        8⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
        7⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        7⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        7⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 464
        8⤵
        Program crash
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 420
        8⤵
        Program crash
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        7⤵
        
        PID:17512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28706.exe
        6⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        6⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        8⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        8⤵
        
        PID:18396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        7⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51657.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        6⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        6⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-381.exe
        5⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        5⤵
        
        PID:17832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64591.exe
        5⤵
        
        PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28477.exe
        8⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        7⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        7⤵
        
        PID:18164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        7⤵
        
        PID:18048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        6⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        7⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12892.exe
        6⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34884.exe
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        6⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        5⤵
        
        PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
        7⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34243.exe
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16628.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        5⤵
        
        PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39878.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        6⤵
        
        PID:18408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
        5⤵
        
        PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        5⤵
        
        PID:15444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
      4⤵
      PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe
      4⤵
      PID:7848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        6⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        7⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        9⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2214.exe
        8⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34243.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
        8⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        8⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        7⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
        6⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        7⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        7⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65125.exe
        6⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 436
        8⤵
        Program crash
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 420
        8⤵
        Program crash
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        7⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
        6⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9420.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        5⤵
        
        PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36925.exe
        7⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        6⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        7⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        6⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
        6⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        5⤵
        
        PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4848.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        6⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        7⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        5⤵
        
        PID:7724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 444
        6⤵
        Program crash
        
        PID:8916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 444
        6⤵
        Program crash
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        5⤵
        
        PID:17432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
      4⤵
      PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51938.exe
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
      4⤵
      PID:17860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7958.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        7⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        6⤵
        
        PID:10600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
        5⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        6⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28880.exe
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        5⤵
        
        PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50969.exe
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
      4⤵
      PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
      4⤵
      PID:8268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        6⤵
        
        PID:17832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10343.exe
        6⤵
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        5⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        5⤵
        
        PID:18692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
      4⤵
      PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
      4⤵
      PID:12872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
      4⤵
      PID:18172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40823.exe
      4⤵
      PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        5⤵
        
        PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
      4⤵
      PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
      4⤵
      PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
      4⤵
      PID:18112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
    3⤵
    PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
      4⤵
      PID:16804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
    3⤵
    PID:10532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
    3⤵
    PID:15316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
    3⤵
    PID:18292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 720
        7⤵
        Program crash
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        8⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        7⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        7⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        7⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59019.exe
        6⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
        9⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        8⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        7⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        6⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        8⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        6⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        6⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16473.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27642.exe
        5⤵
        
        PID:18552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        8⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        7⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
        6⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        6⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29391.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        7⤵
        
        PID:18088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        7⤵
        
        PID:18088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        6⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        6⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26524.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
        5⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        5⤵
        
        PID:18240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        5⤵
        
        PID:8880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        7⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        6⤵
        
        PID:18504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        5⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        6⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        5⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        5⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        5⤵
        
        PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
      4⤵
      PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        5⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        5⤵
        
        PID:17968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33731.exe
      4⤵
      PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
      4⤵
      PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        6⤵
        Executes dropped EXE
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        9⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        8⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20054.exe
        8⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        7⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        7⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        7⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        8⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        7⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        6⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        7⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        7⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        6⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
        6⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
        7⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        5⤵
        
        PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        7⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        7⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        6⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        7⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        7⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        6⤵
        
        PID:18524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3740.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
        5⤵
        
        PID:17544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        7⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
        7⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
        6⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        5⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27487.exe
        6⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        5⤵
        
        PID:18420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        5⤵
        
        PID:18428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16473.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
      4⤵
      PID:15188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
      4⤵
      PID:8096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        5⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        8⤵
        
        PID:17556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        7⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        6⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        7⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        6⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
        6⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8918.exe
        6⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        7⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        6⤵
        
        PID:512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        6⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        5⤵
        
        PID:15712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        7⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        6⤵
        
        PID:16944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        6⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        6⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        5⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
      4⤵
      PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
      4⤵
      PID:13684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
      4⤵
      PID:17884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        6⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        5⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
        6⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35477.exe
        5⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
        5⤵
        
        PID:18236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
      4⤵
      PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54279.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
      4⤵
      PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
      4⤵
      PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28023.exe
      4⤵
      PID:7572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10024.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        5⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        6⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        6⤵
        
        PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
      4⤵
      PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54539.exe
        5⤵
        
        PID:14852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
      4⤵
      PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
      4⤵
      PID:18012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35201.exe
    3⤵
    PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
      4⤵
      PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        5⤵
        
        PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
      4⤵
      PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
      4⤵
      PID:18352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
    3⤵
    PID:12280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
    3⤵
    PID:16992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        9⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
        8⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        8⤵
        
        PID:18416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        8⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        8⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
        7⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        7⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        7⤵
        
        PID:18512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        6⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
        5⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
        8⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        7⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
        6⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        6⤵
        
        PID:18076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        6⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        6⤵
        
        PID:12232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58985.exe
        6⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        5⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        5⤵
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        5⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        6⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        5⤵
        
        PID:15764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        5⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        5⤵
        
        PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
      4⤵
      PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
      4⤵
      PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
      4⤵
      PID:18300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39707.exe
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        7⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46665.exe
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        6⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
        5⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        5⤵
        
        PID:13640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        5⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        5⤵
        
        PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        6⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        5⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        5⤵
        
        PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
      4⤵
      PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
      4⤵
      PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
      4⤵
      PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
      4⤵
      PID:5236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18513.exe
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
        5⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27134.exe
        5⤵
        
        PID:18116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
      4⤵
      PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        5⤵
        
        PID:16748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        5⤵
        
        PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
      4⤵
      PID:11868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
      4⤵
      PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
      4⤵
      PID:8528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
    3⤵
    PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        5⤵
        
        PID:18140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18140 -s 236
        6⤵
        Program crash
        
        PID:17836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
        5⤵
        
        PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
      4⤵
      PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
      4⤵
      PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
      4⤵
      PID:8284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
    3⤵
    PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
      4⤵
      PID:9708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
      4⤵
      PID:17740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
    3⤵
    PID:9324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
    3⤵
    PID:13676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
    3⤵
    PID:17988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31975.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13210.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        7⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        6⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        6⤵
        
        PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57922.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17448.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        5⤵
        
        PID:17076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        5⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        6⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
        6⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
        5⤵
        
        PID:17744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
      4⤵
      PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60454.exe
      4⤵
      PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
      4⤵
      PID:8664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        6⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        5⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
        5⤵
        
        PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
      4⤵
      PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        5⤵
        
        PID:16256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
      4⤵
      PID:17044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        5⤵
        
        PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe
      4⤵
      PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
      4⤵
      PID:18120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
    3⤵
    PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
      4⤵
      PID:11212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
      4⤵
      PID:14872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
    3⤵
    PID:9928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
    3⤵
    PID:13532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        6⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        5⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        5⤵
        
        PID:15904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2214.exe
        5⤵
        
        PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-117.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
    3⤵
    PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
      4⤵
      PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55719.exe
      4⤵
      PID:8624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
    3⤵
    PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
    3⤵
    PID:13504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
    3⤵
    PID:18288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7470.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        5⤵
        
        PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
      4⤵
      PID:11952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
      4⤵
      PID:16108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
    3⤵
    PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
      4⤵
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
      4⤵
      PID:17676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
      4⤵
      PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
    3⤵
    PID:9908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
    3⤵
    PID:13628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
    3⤵
    PID:17676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
    3⤵
    PID:18072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
  2⤵
  PID:6052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
    3⤵
    PID:8688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
    3⤵
    PID:16644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47648.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47648.exe
  2⤵
  PID:6896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
    3⤵
    PID:13552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
  2⤵
  PID:9952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:13548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
  2⤵
  PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2940 -ip 2940
1⤵
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6908 -ip 6908
1⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7868 -ip 7868
1⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7844 -ip 7844
1⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7724 -ip 7724
1⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7868 -ip 7868
1⤵
PID:1344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7724 -ip 7724
1⤵
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7844 -ip 7844
1⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 18140 -ip 18140
1⤵
PID:17564

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:18112

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:18116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:5888

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe

Filesize
184KB

MD5
768c651927e8b1fc0ab436f0f46cc5a9

SHA1
7ee36db4892c47a457f702fe04feb87b31a3e4f5

SHA256
12b3554e6040998d59644d3064b47e3b9d96ff1e79a2cb0aa9b5590d623e0200

SHA512
182dfe142ab6d694dc9f8f4bb7c2154289999635264f8b5a2e12308e0e3f7bf73ade9882aa4742097ccb5e70942dae5d2e6c0c5321bfa8224047d819c10706c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe

Filesize
184KB

MD5
7e4a4982eb0ac7d5917f51858a45fd7a

SHA1
55234dfef305da4502f7795e5d11ae77d88e16bb

SHA256
2282b30e887ec6f99064d64b9c389adad68727eec51fa1fe0dfed439871d1ad8

SHA512
a34dce86a1141fa2c8c85e108a1e7f7e08b1b2ce865f9c3df5db21316f47f9ea24623bd9858e80c552a79a787d503a4aff809f6a0205a5b53a7821e41b197abf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe

Filesize
184KB

MD5
71848d00d2eb9af61daf18edac4c7792

SHA1
9acd290919c1c7dbf4770d6963cdeb70b69abacc

SHA256
e36e288cc791248549720d9de9082b6856e3f394514801e8064773f05a4fc9d7

SHA512
d2840194df9465a4bd8a8b4010ab5bf40a7e8880196dd22789b5f1936be1954193901cbc6f63187c0d97bd268da2d2b07cc3a0c72812acc04aae61d45da4e351

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe

Filesize
184KB

MD5
231e310fd85c03a04f860538a783fb24

SHA1
08e11c5681c71121bd96dd53a45dcf79af16c84d

SHA256
f198a8754876763f525f9f1373ef84945893b5872a25cab7ed586c56ee0f2869

SHA512
6188e28b3724c1eb8d4d17fd42e0bccfd68a4177c5780bd63b0607cd75ec4e5ad0b40307ec5cf178a5637f83fcc9fd63c2e97a497258e9d4da23cd902d611106

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe

Filesize
184KB

MD5
75b44a66705c034df35484d83962db56

SHA1
9d5a09602a210fe0ed0c2fb826c7480947f35ffe

SHA256
3888b3caa11bbbaddec58ba6802c0a6ab708b6e3e8d590056b8bacfb0db56c08

SHA512
47e4ca7283ded9ede10b65614edcc335f04090bd284f7d1f58fe19258ff0334a66d6738d69bfa37ed5530aec2a01b65048d18da592ee3934c1f5e2affe72477d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe

Filesize
184KB

MD5
8b54aaf3db7bb119d3d96acd70271abc

SHA1
6195747523e528488ace2922721950687001ec34

SHA256
d6c7dbb356a1deed800919c791edefdae07779f03b0a106659bd9a27a5ba83b7

SHA512
b273d6402160800aaa63348eec19bfe6c0f541aba5006e9c79ce63a0c0268a76b4522fabb648b6d2b44c0e3949daaf2cd67187e781818b2b7d624bd0220610e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe

Filesize
184KB

MD5
6ccf776a1f8ba5d620005d1cfa830798

SHA1
901212e557c4ca8e32e73f8e4190fc76d887eeb7

SHA256
ba2fb16c7e724696c48dd6dc86ae6e4176da98c2c8e6471f8cbd9dc059c06636

SHA512
ff69e7ff8d6917c0d1aff1ab3857ea93176ec90df9ba2c8a0b9342eb94b0370496eabfb4456738f76337ba26c6be42c6dd05eb740445784aaaf5a7398690c4c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe

Filesize
184KB

MD5
de0c0f668a521abf7171ceb3ac3b70c9

SHA1
0e9ea47cbe0b1cad98e27d33c006325baa5231a2

SHA256
755b09630babd65570eb07064c73bb2f3f9938152318a2e1a830cab260e3d355

SHA512
93efe309dab99bc0a248c9c5485a178da3bd53ed73bb14d0f285b8dbcf1d191ed4f02f8fa1ef652e6d8623f3321e410efe9a005f27a94ba2c449808b23320d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe

Filesize
184KB

MD5
39d6eeebfa2c0416edb09afdcd9b9a18

SHA1
ddb84c3447c1933bd00b6b3fd339a899e91f0dc2

SHA256
1f28ade34d8980cb08b00f7ca77601d6b9d10e12dfcd74126b11e58a76a0f64d

SHA512
02d98b69029ee675caeea24ec9e5fa79a9b1c5a0bd2401a18547893a3f6a9f42d6577519d19bd6c40f887efeb2c97578c3c387b62bb7aa16d6e324e2c3479f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe

Filesize
184KB

MD5
f5c9745a6c9c558b8dd74c55184a2d3a

SHA1
de89ea52895a3fa34277704a6d1aa451cdcbbd98

SHA256
0858edaa4c7137fa94c48eb18458d53061f9efd1861d3d3afac6d6056b11622a

SHA512
0a093eaa011e0a2a816745953354af5537ab0b48233de2e4e0af26c99a3a95e53fd912bdbaa18d9a4c93036f4097dad17ceeca5f7b936ff688dca9fa3323fde6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe

Filesize
184KB

MD5
9a974a3ec00afd07921fe54ba3766de2

SHA1
ad42b91f0bdea7daa1362960f84871232862b142

SHA256
76dce8eae7076727818efb209d537378dd53fb459153ef99eb94cfa39c0f4bd9

SHA512
18eb47da869f6972168db55ea468fb91eeef55094bf0f73966de6b17cf8858dd32e06cbbef230e7d0d637120d6af8aec5a8c06ec0e531172e86f47834f427bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe

Filesize
184KB

MD5
2f0cc2257578fc4d93e88a0b66179e1b

SHA1
f0d76992006bdb6d942332cb7cb258ead82c2eb7

SHA256
6702a8b448a494d558636df1c23337278e9290c2f533969441986d3ee6a39ce4

SHA512
a8f2375d6c957235cbade6f6232bc42c6cc54c4615b0a6505f8adff5e2af1b2e34d61f859b62c666a73a973ec137600c0d385a350c7cfa7d5d9642fbd9a91227

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe

Filesize
184KB

MD5
4a714995b496b83f77623e322b24e41f

SHA1
64031a083adff8e3a7b4922dd145d2482adc94ed

SHA256
0df4b1958512481b983c11c0461dcb5e5c1eef61cb5bcd53bcf4af6ce0e4ae5b

SHA512
1017b2f308dfa1a6da7d7385804b2417f9f1cb8169d297249f5cfa37d692a290af8aae138a1405a6daa1614ba5f1bf100930f0e1437d2ed2a3af1df96cdcb55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe

Filesize
184KB

MD5
74f69d60cbfe2ab8f4aa9ab5ccef7877

SHA1
8941b02a368a4875d9721648306096cd58312366

SHA256
92bae88e5d19bae832263abaf5972bcb92ed02c35a9d68a935ef557024f39241

SHA512
a7e6f325992ed8b202cd67a07d402c0ae5f974f6df5511be23ef0e66af8bba1934b16f66fda67f4230c4b5ac0422fe93cfad3b29d558637da08f4e7837aab1e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe

Filesize
184KB

MD5
422193c7de82e6f4eb1a356c474ed133

SHA1
3dff1934cb5f0b64ba5a4621d75a4450a580ad79

SHA256
8727195a8917d2ff9cccb44210489b96ac8dac24414403dbd2445bb140c84ec0

SHA512
a335125ee9c6d8bb44208c52fb5091b645640176d57e9d8a468b5e6d37911ce3fe036edc2d08c2f423970df77470602539799a6c97481afdc46ae171a32173f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe

Filesize
184KB

MD5
9ddc458a3cc33a410d2d7c139414fa59

SHA1
0dcdea136c1049f59956fc331c3bc21d5978ae01

SHA256
83881b0abb19cb4f6a83a592f5c0d91c25a863a847372bdc93820c331e81837f

SHA512
8195403e7b21b022dbd468339cf32cee2c17beed9dbee7da1b682e300b7aeed696fb9acb26641f126cc9c7939d6f10700f12dfda02a7eee2c1d1c73285fd15f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe

Filesize
184KB

MD5
c07e1404c05f6b4a6d89a906974e5207

SHA1
e0f5548db4b98481c0a539d71a7234189c96cbe1

SHA256
1b3485c48fc522adb773718dd8e51ced290b5c8be261ea176af1fa603bc95582

SHA512
456317b806a6acc0159667c2eedf3d5444081366270aa0014a3f018ec7378f69d61ba47daf5fa41747cab7d833754bbf22eec41afeb957cfa639a9622cce58f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe

Filesize
184KB

MD5
4385f409675da632f5d1bbfb1fb9d45c

SHA1
3b04d8c4c0516419466a6c128659c4fae2a7144e

SHA256
b807be2d3aeec68fa4894991d2c2e06c339e813e873c6420f759a19acceee2a8

SHA512
6d66e38fab099b827920262e0d6d124b53a0603cfa567b0ecdb191ccf1de3ffecbe9d45909a010b0f402e91ed0fb4081c132b25ad98255f37ddfdd905f4e2098

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe

Filesize
184KB

MD5
6f5a84420850312db5a7e36bc721a8d0

SHA1
91e16aede2f55467e0358d96295b160c5ec12d04

SHA256
a2461d02b4cbe74b05d4d6b9360d8c3ff7af34d6d82b8ce161b05c9a08611f47

SHA512
1f411256c4b15323a554ba65c13c7014a1e6d9451283b6202f55670b93f987a2ec3ad6a26e77d0ce8cf6b7bcac708247d56ffc2bd6f569ad224f77e6054de9ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe

Filesize
184KB

MD5
c5b130e17ce0964f54f91f145973d0f9

SHA1
4963fd39daa35702eb929965e89b414ef4cb38aa

SHA256
3614178d0fb441995c0e80e9980c0e93b73ca0337684d8ea353f2f87a892ff3b

SHA512
723bfec5c42b3ad371fd34768ed3a7b175e4a554647e66b510d8d3192aa686a8514099eb62c8270c8e2590e4f0b1afe1ff846cde336c840c045d464b23f37dab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe

Filesize
184KB

MD5
78f385505f1da0f5f320465a9426fec9

SHA1
376714b48e4f6daa6e168dcaeda3c8bbd70bef86

SHA256
806bf79e382fc52e02c5012eb0359cda5031c5b78066e9d7270f0e292d4bcea7

SHA512
e1ed2fb230a9ed95f1dc6a74d4de05139b13a1b95534929449c344aa2c9b204db23d08f5a708962fab53198abb0b642da53fd5b8526e6648f995fb87574be2a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe

Filesize
184KB

MD5
5d69c1fa8e6656508461b6d682eb19d1

SHA1
6292cfb237f11b66031f1432ef59795652d96b33

SHA256
39a8585b450f2812797afe9be46da2ed29d0721bc41f49599eb826088db3b3cc

SHA512
44baa240f60acbd69ec7a9832ac187b4870f69a3bb0ba7905c645cdc657a39ccc3dc3d28ce0411324073923812f12654b02e05c4029b77224e496b6ede633adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe

Filesize
184KB

MD5
e56aae242f826c8bd99c9729a2a06287

SHA1
a3da906c21f82d41ec5a4c6bd3ab0be340f8cdc7

SHA256
fb9080d1e606c4e8472883d9be4eb1674cf8d29535fd20d86c6851c0b38c156f

SHA512
84a1d845e82ad862b035c0de603c746c8c478c9532bd1a0c433e46578fb25bdb6e094605af772b3e0bf025a05b87f07c208106b33678f532005826b5c939ba82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe

Filesize
184KB

MD5
d646e8c9ab9a3d2ec7301f2522c36389

SHA1
545688567f98b783850c182160eb38a185d4ef07

SHA256
2193b866838731f7fcfeed2f4cc73666019b1a05bcabeba023174cfe27a99f02

SHA512
ab6f17f019d1fb7c8cc1d4e85361f26c5ac5e6c1724ce478db4e5fdf17c1acb1f4fe187fec43a7eb87e39fafa798dad9e4d00fdb6186326d9a038d6919cfc2a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe

Filesize
184KB

MD5
4f6390617331710f742ddc8092d5a680

SHA1
657ae028c5864a98a11ffa96d661bed8c91e801e

SHA256
bc0f72893bc6d65f3eb9b0b5f39f51a656c68f8c4d0ef671f17294e7eba07525

SHA512
a5aa7e03a47260843aa24262b59a0c38f679b3f07ed6f5e36a9cc1c77607f793648d66ea33e92ce0cb70c990f3f3c4d41067e285e36d213b26fc27f696cf7d06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe

Filesize
184KB

MD5
91450af6c55e300c1958ac77aa17b27e

SHA1
5a8cf2380f58f3864d54de6c6b5aca683a6540e6

SHA256
8f110fc060e2dbfa883c9073a07443b455893b172eea249ab4101d107c1b6cec

SHA512
029d79e36727d813c8e4609dbe8be761bff84e2b3a380d8e41214fd75a4b73de10c5b305af134578456dbcea588b4c06f1bfb9312ec445d90a3b7fbf53d6fe2e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads