cbf2f40687004fe553d644a8bbcc6943637622c5bcb24afe938a22bf1c1d7f57

Analysis

max time kernel
116s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b74ab199ca881abb1ea92f564522c50N.exe
Size

468KB
MD5

0b74ab199ca881abb1ea92f564522c50
SHA1

56bf327b541a1218746b7f05b26cde7e79789504
SHA256

cbf2f40687004fe553d644a8bbcc6943637622c5bcb24afe938a22bf1c1d7f57
SHA512

6203ac70880dd51be857dd81fa929b002fe2e5f31933de1bf3818358805d6a3c6abd86f6cdd4e48b00dc95e3983b4f4c87cd8368d678f16d404f7eb22073e99f
SSDEEP

3072:FbedovI76q5yubYUPYmh6f8g/EbCP3pAqmHexVokinl7x9jcrSlS:Fb0oVuyuPPrh6fFZDdinBrjcr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4332	Unicorn-5726.exe
1736	Unicorn-58025.exe
1444	Unicorn-42243.exe
3304	Unicorn-37255.exe
4852	Unicorn-21473.exe
4944	Unicorn-41339.exe
2640	Unicorn-22956.exe
3952	Unicorn-28655.exe
4676	Unicorn-11572.exe
3772	Unicorn-30047.exe
4980	Unicorn-3404.exe
396	Unicorn-49076.exe
456	Unicorn-23560.exe
4492	Unicorn-62811.exe
3324	Unicorn-29061.exe
972	Unicorn-12624.exe
3708	Unicorn-48111.exe
2812	Unicorn-26107.exe
224	Unicorn-23415.exe
1540	Unicorn-19331.exe
4388	Unicorn-23969.exe
1156	Unicorn-46528.exe
1504	Unicorn-35667.exe
2244	Unicorn-29180.exe
884	Unicorn-856.exe
516	Unicorn-15146.exe
4020	Unicorn-29445.exe
3712	Unicorn-20514.exe
4164	Unicorn-4125.exe
1604	Unicorn-57431.exe
2320	Unicorn-30524.exe
216	Unicorn-62.exe
4528	Unicorn-62070.exe
552	Unicorn-36819.exe
3552	Unicorn-12122.exe
3604	Unicorn-5992.exe
3996	Unicorn-46118.exe
3240	Unicorn-8422.exe
2052	Unicorn-47317.exe
2036	Unicorn-47317.exe
1688	Unicorn-24494.exe
3144	Unicorn-8977.exe
2836	Unicorn-45271.exe
4328	Unicorn-11136.exe
5116	Unicorn-11136.exe
776	Unicorn-33695.exe
948	Unicorn-2968.exe
3520	Unicorn-58199.exe
2308	Unicorn-42417.exe
2360	Unicorn-31557.exe
1004	Unicorn-13174.exe
2504	Unicorn-36817.exe
724	Unicorn-14458.exe
2424	Unicorn-11691.exe
2196	Unicorn-3523.exe
1188	Unicorn-27912.exe
3696	Unicorn-34043.exe
1684	Unicorn-21599.exe
3688	Unicorn-62439.exe
1388	Unicorn-53509.exe
3164	Unicorn-50187.exe
4364	Unicorn-42573.exe
5044	Unicorn-27629.exe
3648	Unicorn-37835.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
888	4944	WerFault.exe	94
10596	9664	WerFault.exe	434
10620	9776	WerFault.exe	443
10608	9656	WerFault.exe	433
10756	9640	WerFault.exe	431
13220	9776	WerFault.exe	443
13248	9664	WerFault.exe	434
13240	9656	WerFault.exe	433
10556	9640	WerFault.exe	431

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63020.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2476	dwm.exe
Token: SeChangeNotifyPrivilege	2476	dwm.exe
Token: 33	2476	dwm.exe
Token: SeIncBasePriorityPrivilege	2476	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4912	0b74ab199ca881abb1ea92f564522c50N.exe
4332	Unicorn-5726.exe
1736	Unicorn-58025.exe
1444	Unicorn-42243.exe
4944	Unicorn-41339.exe
3304	Unicorn-37255.exe
4852	Unicorn-21473.exe
2640	Unicorn-22956.exe
3952	Unicorn-28655.exe
3772	Unicorn-30047.exe
4676	Unicorn-11572.exe
456	Unicorn-23560.exe
4492	Unicorn-62811.exe
396	Unicorn-49076.exe
4980	Unicorn-3404.exe
3324	Unicorn-29061.exe
972	Unicorn-12624.exe
3708	Unicorn-48111.exe
2812	Unicorn-26107.exe
224	Unicorn-23415.exe
1540	Unicorn-19331.exe
1156	Unicorn-46528.exe
516	Unicorn-15146.exe
3712	Unicorn-20514.exe
4020	Unicorn-29445.exe
884	Unicorn-856.exe
4388	Unicorn-23969.exe
1504	Unicorn-35667.exe
2244	Unicorn-29180.exe
4164	Unicorn-4125.exe
1604	Unicorn-57431.exe
2320	Unicorn-30524.exe
216	Unicorn-62.exe
4528	Unicorn-62070.exe
552	Unicorn-36819.exe
3552	Unicorn-12122.exe
3604	Unicorn-5992.exe
3996	Unicorn-46118.exe
3240	Unicorn-8422.exe
2052	Unicorn-47317.exe
2036	Unicorn-47317.exe
1688	Unicorn-24494.exe
3144	Unicorn-8977.exe
2836	Unicorn-45271.exe
5116	Unicorn-11136.exe
776	Unicorn-33695.exe
4328	Unicorn-11136.exe
2360	Unicorn-31557.exe
1004	Unicorn-13174.exe
3520	Unicorn-58199.exe
2504	Unicorn-36817.exe
948	Unicorn-2968.exe
2424	Unicorn-11691.exe
724	Unicorn-14458.exe
2308	Unicorn-42417.exe
2196	Unicorn-3523.exe
3696	Unicorn-34043.exe
1188	Unicorn-27912.exe
1684	Unicorn-21599.exe
1388	Unicorn-53509.exe
3164	Unicorn-50187.exe
3688	Unicorn-62439.exe
4364	Unicorn-42573.exe
3812	Unicorn-52133.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 4332	4912	0b74ab199ca881abb1ea92f564522c50N.exe	87
PID 4912 wrote to memory of 4332	4912	0b74ab199ca881abb1ea92f564522c50N.exe	87
PID 4912 wrote to memory of 4332	4912	0b74ab199ca881abb1ea92f564522c50N.exe	87
PID 4332 wrote to memory of 1736	4332	Unicorn-5726.exe	88
PID 4332 wrote to memory of 1736	4332	Unicorn-5726.exe	88
PID 4332 wrote to memory of 1736	4332	Unicorn-5726.exe	88
PID 4912 wrote to memory of 1444	4912	0b74ab199ca881abb1ea92f564522c50N.exe	89
PID 4912 wrote to memory of 1444	4912	0b74ab199ca881abb1ea92f564522c50N.exe	89
PID 4912 wrote to memory of 1444	4912	0b74ab199ca881abb1ea92f564522c50N.exe	89
PID 1736 wrote to memory of 3304	1736	Unicorn-58025.exe	92
PID 1736 wrote to memory of 3304	1736	Unicorn-58025.exe	92
PID 1736 wrote to memory of 3304	1736	Unicorn-58025.exe	92
PID 4332 wrote to memory of 4852	4332	Unicorn-5726.exe	93
PID 4332 wrote to memory of 4852	4332	Unicorn-5726.exe	93
PID 4332 wrote to memory of 4852	4332	Unicorn-5726.exe	93
PID 1444 wrote to memory of 4944	1444	Unicorn-42243.exe	94
PID 1444 wrote to memory of 4944	1444	Unicorn-42243.exe	94
PID 1444 wrote to memory of 4944	1444	Unicorn-42243.exe	94
PID 4912 wrote to memory of 2640	4912	0b74ab199ca881abb1ea92f564522c50N.exe	95
PID 4912 wrote to memory of 2640	4912	0b74ab199ca881abb1ea92f564522c50N.exe	95
PID 4912 wrote to memory of 2640	4912	0b74ab199ca881abb1ea92f564522c50N.exe	95
PID 1444 wrote to memory of 3952	1444	Unicorn-42243.exe	100
PID 1444 wrote to memory of 3952	1444	Unicorn-42243.exe	100
PID 1444 wrote to memory of 3952	1444	Unicorn-42243.exe	100
PID 3304 wrote to memory of 4676	3304	Unicorn-37255.exe	101
PID 3304 wrote to memory of 4676	3304	Unicorn-37255.exe	101
PID 3304 wrote to memory of 4676	3304	Unicorn-37255.exe	101
PID 4852 wrote to memory of 3772	4852	Unicorn-21473.exe	102
PID 4852 wrote to memory of 3772	4852	Unicorn-21473.exe	102
PID 4852 wrote to memory of 3772	4852	Unicorn-21473.exe	102
PID 2640 wrote to memory of 4980	2640	Unicorn-22956.exe	104
PID 2640 wrote to memory of 4980	2640	Unicorn-22956.exe	104
PID 2640 wrote to memory of 4980	2640	Unicorn-22956.exe	104
PID 1736 wrote to memory of 396	1736	Unicorn-58025.exe	103
PID 1736 wrote to memory of 396	1736	Unicorn-58025.exe	103
PID 1736 wrote to memory of 396	1736	Unicorn-58025.exe	103
PID 4912 wrote to memory of 456	4912	0b74ab199ca881abb1ea92f564522c50N.exe	106
PID 4912 wrote to memory of 456	4912	0b74ab199ca881abb1ea92f564522c50N.exe	106
PID 4912 wrote to memory of 456	4912	0b74ab199ca881abb1ea92f564522c50N.exe	106
PID 4332 wrote to memory of 4492	4332	Unicorn-5726.exe	105
PID 4332 wrote to memory of 4492	4332	Unicorn-5726.exe	105
PID 4332 wrote to memory of 4492	4332	Unicorn-5726.exe	105
PID 3952 wrote to memory of 3324	3952	Unicorn-28655.exe	109
PID 3952 wrote to memory of 3324	3952	Unicorn-28655.exe	109
PID 3952 wrote to memory of 3324	3952	Unicorn-28655.exe	109
PID 1444 wrote to memory of 972	1444	Unicorn-42243.exe	112
PID 1444 wrote to memory of 972	1444	Unicorn-42243.exe	112
PID 1444 wrote to memory of 972	1444	Unicorn-42243.exe	112
PID 3772 wrote to memory of 3708	3772	Unicorn-30047.exe	113
PID 3772 wrote to memory of 3708	3772	Unicorn-30047.exe	113
PID 3772 wrote to memory of 3708	3772	Unicorn-30047.exe	113
PID 4852 wrote to memory of 2812	4852	Unicorn-21473.exe	114
PID 4852 wrote to memory of 2812	4852	Unicorn-21473.exe	114
PID 4852 wrote to memory of 2812	4852	Unicorn-21473.exe	114
PID 4676 wrote to memory of 224	4676	Unicorn-11572.exe	115
PID 4676 wrote to memory of 224	4676	Unicorn-11572.exe	115
PID 4676 wrote to memory of 224	4676	Unicorn-11572.exe	115
PID 4980 wrote to memory of 1540	4980	Unicorn-3404.exe	116
PID 4980 wrote to memory of 1540	4980	Unicorn-3404.exe	116
PID 4980 wrote to memory of 1540	4980	Unicorn-3404.exe	116
PID 2640 wrote to memory of 4388	2640	Unicorn-22956.exe	117
PID 2640 wrote to memory of 4388	2640	Unicorn-22956.exe	117
PID 2640 wrote to memory of 4388	2640	Unicorn-22956.exe	117
PID 3304 wrote to memory of 1156	3304	Unicorn-37255.exe	118

C:\Users\Admin\AppData\Local\Temp\0b74ab199ca881abb1ea92f564522c50N.exe
"C:\Users\Admin\AppData\Local\Temp\0b74ab199ca881abb1ea92f564522c50N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1562.exe
        8⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        9⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 436
        11⤵
        Program crash
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 456
        11⤵
        Program crash
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        10⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        10⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18426.exe
        9⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61318.exe
        9⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        9⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        9⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        10⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        9⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        9⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        9⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49092.exe
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        8⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
        9⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        9⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        8⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
        8⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        8⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47923.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        8⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        7⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46118.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15158.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        9⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        9⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        9⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
        9⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        8⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
        8⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        9⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        8⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        7⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        7⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        6⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
        9⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29849.exe
        9⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
        9⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        8⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35251.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        7⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        7⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
        7⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        7⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        7⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1766.exe
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        6⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        8⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        9⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        9⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        8⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        8⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        7⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        6⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        8⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        8⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        8⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        7⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9372.exe
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        7⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe
        6⤵
        
        PID:18012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        6⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        9⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        8⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        8⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        8⤵
        
        PID:17636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1785.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        7⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        7⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 436
        8⤵
        Program crash
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 392
        8⤵
        Program crash
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        7⤵
        
        PID:18036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18234.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
        6⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        6⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
        7⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        5⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        6⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-819.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57459.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        5⤵
        
        PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29445.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        9⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        9⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        9⤵
        
        PID:18068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
        8⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        8⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        8⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
        7⤵
        
        PID:17952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        7⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        7⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63949.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        8⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55453.exe
        7⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        7⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        7⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
        6⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54816.exe
        7⤵
        
        PID:16560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        6⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        6⤵
        
        PID:17604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        5⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        6⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        5⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        5⤵
        
        PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49969.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        8⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 436
        9⤵
        Program crash
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 392
        9⤵
        Program crash
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        8⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
        7⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        7⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        7⤵
        
        PID:16084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        6⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        5⤵
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
        7⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        7⤵
        
        PID:17460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        6⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        6⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        5⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        6⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50259.exe
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        5⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        5⤵
        
        PID:17560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
        5⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
        7⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        7⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        6⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        5⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54101.exe
        5⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        5⤵
        
        PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
      4⤵
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        6⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        6⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
        5⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
        5⤵
        
        PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        5⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        6⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49331.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        5⤵
        
        PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
      4⤵
      PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
      4⤵
      PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
      4⤵
      PID:8488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48111.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        7⤵
        Executes dropped EXE
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58936.exe
        9⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        9⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        9⤵
        
        PID:17648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35827.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        8⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        8⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        8⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        8⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        7⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        7⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
        7⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        8⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        8⤵
        
        PID:17464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        7⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        7⤵
        
        PID:17580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        7⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        7⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        6⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        8⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        9⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        9⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        8⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        9⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6234.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
        8⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45235.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        7⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        8⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        7⤵
        
        PID:17808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
        7⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        7⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        6⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        6⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        5⤵
        Executes dropped EXE
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        7⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        7⤵
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35827.exe
        6⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        6⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        6⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        6⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20860.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        6⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        5⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        6⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
        5⤵
        
        PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36819.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        8⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        8⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14639.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        7⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        7⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        8⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        7⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
        6⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        6⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        6⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        6⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        6⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        7⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
        7⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        6⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        5⤵
        
        PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        7⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23653.exe
        7⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        7⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8651.exe
        7⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        6⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        7⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        5⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        5⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        5⤵
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
      4⤵
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        6⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24708.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53534.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        5⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        5⤵
        
        PID:16548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        5⤵
        
        PID:9776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 444
        6⤵
        Program crash
        
        PID:10620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 480
        6⤵
        Program crash
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
        5⤵
        
        PID:14012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        5⤵
        
        PID:17800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
      4⤵
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
      4⤵
      PID:12384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
      4⤵
      PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
      4⤵
      PID:18332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        6⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4634.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
        8⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        7⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60052.exe
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53534.exe
        6⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        6⤵
        
        PID:17636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30845.exe
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        7⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        7⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        6⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        6⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        6⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        6⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32616.exe
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
        5⤵
        
        PID:17612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1142.exe
        7⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
        7⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        6⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57957.exe
        6⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
        6⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        5⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
        5⤵
        
        PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        5⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49092.exe
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        6⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
        5⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        5⤵
        
        PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        5⤵
        
        PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6062.exe
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
      4⤵
      PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
      4⤵
      PID:9324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        6⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        6⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        5⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15616.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
        5⤵
        
        PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        6⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        5⤵
        
        PID:14268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        5⤵
        
        PID:17832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        5⤵
        
        PID:16600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40785.exe
      4⤵
      PID:14128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
      4⤵
      PID:9612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
        5⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        6⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        5⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        5⤵
        
        PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
      4⤵
      PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
      4⤵
      PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
      4⤵
      PID:17972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
    3⤵
    PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21094.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
      4⤵
      PID:10676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
      4⤵
      PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46883.exe
      4⤵
      PID:17592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
    3⤵
    PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
      4⤵
      PID:15536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
    3⤵
    PID:8744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
    3⤵
    PID:14096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
    3⤵
    PID:17788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15652.exe
    3⤵
    PID:1544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4944
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 724
      4⤵
      Program crash
      PID:888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10882.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        8⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        8⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        8⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        7⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        7⤵
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        7⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        7⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
        6⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15905.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        6⤵
        
        PID:18056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        5⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        5⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        5⤵
        
        PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        7⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        7⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25853.exe
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        6⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        6⤵
        
        PID:17340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
        5⤵
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        6⤵
        
        PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        5⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21094.exe
        5⤵
        
        PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
      4⤵
      PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
      4⤵
      PID:5768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        8⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        8⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        8⤵
        
        PID:17556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        7⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65357.exe
        7⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        7⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        7⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30076.exe
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        6⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        6⤵
        
        PID:17928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        6⤵
        
        PID:17792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        6⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
        5⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        5⤵
        
        PID:12376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        5⤵
        
        PID:15244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        7⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
        6⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        5⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        5⤵
        
        PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        5⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        5⤵
        
        PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
      4⤵
      PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
      4⤵
      PID:15920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
      4⤵
      PID:5304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        7⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        6⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        6⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        5⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39005.exe
        5⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14177.exe
        5⤵
        
        PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28157.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
        6⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        6⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16698.exe
      4⤵
      PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
      4⤵
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
      4⤵
      PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
      4⤵
      PID:10420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
      4⤵
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
      4⤵
      PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
      4⤵
      PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
      4⤵
      PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
      4⤵
      PID:9152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
    3⤵
    PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        5⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        5⤵
        
        PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
      4⤵
      PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
      4⤵
      PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30670.exe
      4⤵
      PID:17916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
    3⤵
    PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
      4⤵
      PID:16052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
    3⤵
    PID:9328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
    3⤵
    PID:14192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
    3⤵
    PID:17940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
    3⤵
    PID:8932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11821.exe
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        8⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
        8⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
        7⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        7⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
        6⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        6⤵
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        5⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        7⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        6⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        6⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        6⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44868.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        7⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        7⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        6⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30670.exe
        6⤵
        
        PID:18000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        6⤵
        
        PID:10428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22241.exe
        5⤵
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        6⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        5⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        5⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        7⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        7⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7535.exe
        6⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
        6⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15546.exe
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
        5⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        5⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8260.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        6⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        5⤵
        
        PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
      4⤵
      PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        5⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
      4⤵
      PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
      4⤵
      PID:8900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41775.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        7⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22684.exe
        7⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        6⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
        6⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        6⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        5⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60062.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        5⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        6⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        6⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        5⤵
        
        PID:15872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        5⤵
        
        PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
      4⤵
      PID:11496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
      4⤵
      PID:16248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe
        6⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        5⤵
        
        PID:17556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29342.exe
        5⤵
        
        PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
      4⤵
      PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6704.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
      4⤵
      PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
      4⤵
      PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17752.exe
        5⤵
        
        PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
      4⤵
      PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
      4⤵
      PID:17928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
    3⤵
    PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
    3⤵
    PID:9848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
    3⤵
    PID:14020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
    3⤵
    PID:17780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
        7⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        7⤵
        
        PID:16416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5537.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        6⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
        5⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33613.exe
        6⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
        5⤵
        
        PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
      4⤵
      PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49149.exe
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        5⤵
        
        PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
      4⤵
      PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        5⤵
        
        PID:15944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42932.exe
      4⤵
      PID:10700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30836.exe
      4⤵
      PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
      4⤵
      PID:17744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        6⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
        5⤵
        
        PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        5⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        5⤵
        
        PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
      4⤵
      PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
      4⤵
      PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
      4⤵
      PID:17952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
    3⤵
    PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
        5⤵
        
        PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
      4⤵
      PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
      4⤵
      PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
      4⤵
      PID:17656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
      4⤵
      PID:5156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
    3⤵
    PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
      4⤵
      PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
      4⤵
      PID:16304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
    3⤵
    PID:10028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
    3⤵
    PID:14068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34050.exe
    3⤵
    PID:18004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30535.exe
      4⤵
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24095.exe
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        6⤵
        
        PID:17664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        6⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
        5⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        5⤵
        
        PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32817.exe
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        5⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
      4⤵
      PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
      4⤵
      PID:12340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
      4⤵
      PID:15732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
    3⤵
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        6⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
      4⤵
      PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
      4⤵
      PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
      4⤵
      PID:10148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
    3⤵
    PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20691.exe
      4⤵
      PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
      4⤵
      PID:12484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49143.exe
      4⤵
      PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
      4⤵
      PID:12684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
    3⤵
    PID:8324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
    3⤵
    PID:10488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
    3⤵
    PID:1880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
    3⤵
    PID:1716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
    3⤵
    PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63949.exe
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
        5⤵
        
        PID:17652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37389.exe
      4⤵
      PID:12904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
      4⤵
      PID:15700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
      4⤵
      PID:7936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
    3⤵
    PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57260.exe
      4⤵
      PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
      4⤵
      PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
    3⤵
    PID:9864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
    3⤵
    PID:13976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
    3⤵
    PID:17820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
    3⤵
    PID:17768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
    3⤵
    PID:7248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
    3⤵
    PID:11352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16943.exe
    3⤵
    PID:15816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63603.exe
    3⤵
    PID:5392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
  2⤵
  PID:11312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
  2⤵
  PID:15800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4944 -ip 4944
1⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 9664 -ip 9664
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 9640 -ip 9640
1⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 9776 -ip 9776
1⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 9656 -ip 9656
1⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 9672 -ip 9672
1⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 9672 -ip 9672
1⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 9648 -ip 9648
1⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 9680 -ip 9680
1⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 9648 -ip 9648
1⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 9680 -ip 9680
1⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 9656 -ip 9656
1⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 9776 -ip 9776
1⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 9664 -ip 9664
1⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 9640 -ip 9640
1⤵
PID:12204

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe

Filesize
468KB

MD5
5c7eb04a132f07ab0b0bab6118a2081b

SHA1
0588cf5c616ce2b81651e858c289b76d4dfb7efa

SHA256
2ee07a75e693010cc2f244f0e0cfdde86702bcb7dc1b6cd1c374c3b8b1fdc5e6

SHA512
ed8a76d6d5a18da8d14e0820f415766f1c210cf560f22b965b6784f74400745eacda72c40100ffe9449acb35033cc1a784209c31f5e5c6292606a84affdfb940

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe

Filesize
468KB

MD5
9919f3845c4cd37003ae233ce0956eff

SHA1
2f6fa14345f6ec62faadadd6a47d69378cee75dd

SHA256
6f2ead2965e5d0b93f4e586a999544ae2518c7aae9faeb177aab1a5a4c190823

SHA512
232017180940044b0d27c508b197e1650fc14ac47a7bba1e3782eda4ef532413a4a6ccbed78fc17b0cd3c534eeaad0c8ba43ef35cdabddc4d174699e7edd888a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe

Filesize
468KB

MD5
0f03df3c3d83283f2f9437da3f215846

SHA1
086ceeffe9a39bcdcb0b3426e964f9752937d7d5

SHA256
abb8770b7ce50b3ab9fd427ea3c5151a21adb6e85edbf0179a91b5445b912deb

SHA512
90596416975e967416a478cb5ea3177a7ecf3c237c1e1e25b78cf0805c2bf2a304aacfb89a2206fcb95cb3a0cffe7b5fb24e71f881c2a38d4403d85df62b5b41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe

Filesize
468KB

MD5
ca9c6a575dbb1c98c86dec1f2114ac8e

SHA1
e884df9535bc872662c6634577480750e55cdf67

SHA256
0e2f2157fed02b200ba569df110170ab8f73bd80d0801996b3cf3b11c4ff408e

SHA512
bd1ef5e25a7cca928e890a572872b6ee7880a427a368b3a3b8917df3e9ff8fc69388bd53c9393ff5560cdc266c8d017a3adbd19b110498393bbb615192d02ccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe

Filesize
468KB

MD5
ab8c6d48dad3dc29ea7d86f90176be65

SHA1
7f29d0edf82f70b2c38d97b37004e73566b83d33

SHA256
f36b46f75e06671da13d852b664031f855bd79fc56fe7d4d46fd90b01cb05c86

SHA512
9e6bb62af5fb96b84f91d42f9720a046b58d6361ac58b47e1dba2c606ac4fda2bbb78b87e3ee53650512de753d6d3d0c9dffed3b6c824a3617fcac7d18a33c1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe

Filesize
468KB

MD5
99265d8e258a6e793fa3e9c76da3d995

SHA1
5a697a66aeee0f20930bc63d82de0cd4d3c5d96a

SHA256
d6bf67e7b10a147be40a039cb9af803b13c000f93505431e81b285527636126a

SHA512
e7bbb492c32c663f169a5878a4b19c9b1407a6820e197ab6d10ca636e940b4fbc20c64fb378b8ae01c7248d1d6c2c0a2585041fc02305e528183d23f0c05d806

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe

Filesize
468KB

MD5
2d255332aa61028333886fa90893e5c0

SHA1
1f32fe9bd7fd6c729981807d5743e51677841ff0

SHA256
81d4c4036dcbd1a7d550671436b601b89f5976d01625cfa1a1d6b5b96ac9165a

SHA512
05b278fd5c109eda11bb6d08f6e0f397d7234bc040bf475fec6ced0649984e05f5f54c4d62a8113ca11d6e41f77013449c88ff828cb4534cf9419f1264d2519a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe

Filesize
468KB

MD5
013520685ffcc96056ceb8a96e21b468

SHA1
ff5eaa29c189959ac5994102c1547c7b8169c615

SHA256
1162c9e6d32cdc6cc2e63aefd87f940e22d10bb2bad228847afefda60f1a1f2b

SHA512
3b775cefaae0a7f93fc5e2ebddb51eca4beb98ea2b852420eeff0ecfa1e66278123f60ed5910d09ddaae1c1f89d37c3da9fd9f4e086e59e3e841ac663902ba81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe

Filesize
468KB

MD5
30110ae1bd0f50f85d9772e5c25f3dad

SHA1
bd11b96423f2a231f2869f14d24f3c363e4dad29

SHA256
3c9a553ddd1dbdde08c783b5943e8d726224eff329e89f8cdafc9f8850e99396

SHA512
f24b2845764206f6b0e88d53639cccf4015e8360d95f50f34e25487795fe8d5cdbb45d59f628aeccc7b131b9875b50fa88ebd18f77919b067ddd93f236eb2ff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe

Filesize
468KB

MD5
47241a8a27d5becd97d8b61046b155ad

SHA1
bae4943398bee118007a8448cb5e4382d3f52647

SHA256
cd344c8ebdd4e10a6b77c55f21c75115b68c6e2f99946b18f6d72f14a2f4956d

SHA512
150be1b51e45c8494870ff0ef63d8da9db41fd8dbc5f21134aae28698772e279133ac3498c62e1c1e83a8c5ec442ddde29853b671a6489746770f48337e9dc18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe

Filesize
468KB

MD5
22c0e1959ff300dfe4d346bc31f25673

SHA1
12192e6d1734357a039400def2e6eaa1d819bd30

SHA256
7f8efd7d20711e4210f11f26d9fd3326fd9b97713e73e5cab38f7ebfe668268c

SHA512
e3637092781837149ebe43b480e343540cd8ef5706df62aea36d29e916def32b28b0afadc9e4432872b5e801c3a7541264dfc63e9efa13e0151423ce5067448d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe

Filesize
468KB

MD5
ea597cce8ed3a9ad3e81d3058dd55a6f

SHA1
3eb285264c76cfbaf8907f742daa1181413d2cc7

SHA256
03eb4f81c9212ccaa06b173589aa141c90d3215fab82eba38e91179ab1fb1f65

SHA512
6cd50fbf75382a45f3e253d6c0927958935628ba54905e3c74bbcc52f092543d2c43f91d357bc50902dd521b4c196fc3d503c6fe7fbb8584d88e6475d4212bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe

Filesize
468KB

MD5
5085d30b47925e7643224e7054612cdf

SHA1
abb45f12fff4790ff907d4b4dd9e09ee3776c208

SHA256
e3c74cb5adeb7ffc7bdb34ab64f039b8fe3ef96811706f997f7f96ba90eca5a6

SHA512
be67a670948a1fa8f1d82f3d34c3ad879d3d534a7098a1334ec4e2f8bfbd386d4fef76b3071c6dd70d624ff6037689b9580312988523dbe35ea16bb393363343

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe

Filesize
468KB

MD5
2494478ae71516c09b891b46ccb19e83

SHA1
88a1bd3e0b213cb536950dacef4e698d010c40f7

SHA256
6666e02d3f48c37e9e532f67adebc5605ec56e7cb598a9dcaa044cc7348455ba

SHA512
d6d8d32ed93578e687d23e954f13d921238df70fb9781bea2ea104f9dde6617f15246d3f65eed9441db6a50c506010b7ec76557d2720090f27c977bbeb924a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29445.exe

Filesize
468KB

MD5
e2698b7643b654a21553d051f0a80c85

SHA1
d091beb6fa27504889d335a34a18c63342c56ae1

SHA256
819f853e44eed5215eeccec581730615c3f43542fe7a4a35210d76e00ec7bfbf

SHA512
6f8eb33fdebb858e8b10b27cea71a0dec78144c8161d4367e7f9e6ff0857713fb23914507f8dc59fe5213cf4b11a42fb32e1ee0499d8b28289ca4d23f3d56833

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe

Filesize
468KB

MD5
88a906ff4f7ec015faa7cdb84197ed55

SHA1
bc85c6c3c66b2812c6f01bad93f82815747516be

SHA256
057e3a8abe3f9b02fc3cc7e6cdc25e61a5c66a95670de2a1ff1ce2a6735d166a

SHA512
95a5e5db1a1fe81729ca8cc6ea8b288db14ee332631b1d37b9af40279cbba4ce3dc2adc0a05a918fbcc81faabcfa60362ffe7c03359b80e2b750a19355669041

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe

Filesize
468KB

MD5
7c3d0af02251b92143d584097b5f631d

SHA1
66be491156e32b399c8cd656875b2b5cd2e755b2

SHA256
a762d106fa21227782e972057d420abe0a9ba7d7c47482d00d641aee92b3cc1a

SHA512
073683e0ed665a51fb67d217fc95b1c4c0364c4150ba5051d83ae510e3f2f40f7bed2311737ba7ae97696697e49f1f503da7ff51fd7c720950be50f7fcb9f3c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe

Filesize
468KB

MD5
ac1c7130f75789d973ca264379f39a3f

SHA1
1b2ed6e375f6795cb1b3c7f38b2bec5d3f1618a0

SHA256
abf4378b27df7ced9d00ced1a3f67d7048ae3962c7ccdbf4807a7c8e0e40ed61

SHA512
4a5215d48c1515ef6fdd030479711de7b407ea35fa0ecc8bb8d7edc97414c269c6064aaecc627f1b0c4026c95269af6bad4d5a3f2e5db9923ab932bd6f187fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe

Filesize
468KB

MD5
4ba2fc5d6ac9e5b2e6d5dd002558dc01

SHA1
361a46dc620959511f6c2a2bfe5dafb4800edc5f

SHA256
c18e061f02e54474497ed8a12704a5a3023ba056269f2211e971173f08245cdb

SHA512
95c960c076abce4a66a7a4e248282d525e0a92046c206904eec1c329323f3c494036cd1dfc7285aa93463d337f2a0ae73898e726cb116e7ddd1f36637ff52ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe

Filesize
468KB

MD5
b624932a1e99e401e774579f8a787501

SHA1
a36d0ee0d70d67d1d170e905594f1fd0e9151e67

SHA256
45b1731e452fe9fa638a6a885c2477fce3129ddfb6e7c374db8cc56bec772987

SHA512
21c55fe965215cd3d8fc82ba38347a475cf253d65f48befc1b3461bf70273ace1c55748c1e24dda5cfcb9515c4c47a8a1720a60916327cfc4113f7d15ae453f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe

Filesize
468KB

MD5
faba226aa66a2619b9747cc46f7900e2

SHA1
2ed1cb9053db78cd9bf28a494540b418ccd454ae

SHA256
c3c1dbf421f975c6b52a84be4708d0fee099aaf8e825e251b40ad9e4698da0ab

SHA512
f16d60b51bac97c5ea34c422a026a5963ddc2d2b9f63ba2595f1aeafcc77375f1c45904cdb22b93de631489cbd6c2450f756ca1baef59606bcfbe2fa1ef0ce12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe

Filesize
468KB

MD5
90d5e627eb7b94ab75933b42bfd18f02

SHA1
1226d918fb95928be7be245cc267141807f30d47

SHA256
c716067563d34601e066b883fa3ccd2baf6a8a81568405fe97944b20d7df9f09

SHA512
0b502389f3a84af82de1f301e92bf118ee850a6aca312f81481646abfd70f74965163faded7c2ad806873763b3d4e5cfaebed630bfc64aae499458df6b30d8b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe

Filesize
468KB

MD5
17e5a2d8a09a74bec57ebef09eccbd16

SHA1
c0b34cdd1b78030a1262e005fd49e92eb74e4dd0

SHA256
4f157c2199bf5ac547b5e0c502b45b81e8396cabdd3b6c7ff286e21424ae2cd4

SHA512
f51a8ae1be4a4e8cc498f6db103e7e9b3e4fc45cd8027d6e0821bcfea47386b1eade355c7d5f9937c52afa7e69165ee70e62c0f133504637202da26ded35f425

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe

Filesize
468KB

MD5
31f22180a659d8612f2037312844c9c4

SHA1
29bda979ebe0913d6df972cff936990809e0e577

SHA256
5753c0832613f3143ec19603248207bebde50eb92554ad16b6df680121a9e739

SHA512
b95f60b73c352712285d9f980875ad03b8cf0e76bbe87d6cbff4eb0ed6979f195a62f164c8bd4c5fd5f63c4194598c14120f1d0a8177fa715d6518a797f5ab9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe

Filesize
468KB

MD5
06141a09c8d54a6555497c8996f96886

SHA1
a35370a341f50919bafa59c396f767a495c68ed2

SHA256
a800b892165d4455a0ccc192955be1391ebb5bb3edbb4c082ad0e9d2367256f1

SHA512
553fc43862738da0de5bd90e521d38fe19e31fbcd033381dcfaf9377bcb0b6f2e64100e84ef7720321ab957b12762f365a816b6f4467c9e1ad3fe59311b9307c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48111.exe

Filesize
468KB

MD5
14289e13f54a41f85f591628b74315c9

SHA1
374e0d7a1147f19773988fe8f640c111c824af4d

SHA256
1f41a6071ef09eb4d049db6b89c628a371caf0b4b4bef214b17b013594a517d0

SHA512
2f14136ac778e813ca1906b4234a900d56bcae340374f6b8dea6601a1a6868c37351ad081e880e484e9a2b3eb83a0207417ab49df1d6d03926bdd9b5baa33f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe

Filesize
468KB

MD5
4df785f3dfbdcb16a2e0de07ea5aaef8

SHA1
920cce83f1416d7d4f22fc382af52383d50d85db

SHA256
b3d2e2a477f36e534921fda9d43500e64890434437f0f1cd1c961851eb130a45

SHA512
662c71785ed8d6ed6d581d6280f9613febf9fa885abb69083cb36edda87769c54adf077534dee2c4da5e4e6fe83227735e21226f4043c468da23014be08f6c0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe

Filesize
468KB

MD5
6c572ef1bba2d5bba1719d37151d25c8

SHA1
9fc89ca16735d150011ad770b9af9fa952dcd85b

SHA256
ca541cc202fe3452fc40ee90ebafdd1d1445d09b29c245ec161ac74f4c3fc873

SHA512
fb88c465f91ac9ed366a470376c4567628841084264e310d249f13d020adddba27fd05e6205b4adece6f1fe5cccd40eb1d83c609526b95d7f4bc2b73a986e317

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe

Filesize
468KB

MD5
072cee60f33a39008f4f2c7f62947094

SHA1
1e1105f95fc01e9c7c2f03de7e4c74ad67ba6161

SHA256
6417a925037619eb1ee28ae2547c03a346b34c39824f3249fc1fc3d8f8c243ea

SHA512
e12b84f9938970f5f81558c9b45cd65ac1ad09fd1159ab9d7d40a56957643818fe0e707e43a3cad9477f9a3f93bb6ac857080c5028227425431d48d25bb21300

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe

Filesize
468KB

MD5
31292bbb5543b45a393a31fcd363f39d

SHA1
1b0cb6a51a78eb005cfb4d840cad483bdf21a312

SHA256
2d1a5213ba3f3abb96c97ac2a5e855b1748aa2623b7012455c418503a1314b8d

SHA512
a3b0507dc91deb6651b3e11c49cc769cb95d3bda2f987ef93a2d2ff3ad17c809145666059c65521dccd1360b630dfa1fac5c2f71f5200b4266f053ebc7ec6d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe

Filesize
468KB

MD5
2c5a8f7278e81ecfb0e4f808f92accb6

SHA1
7f77e6df65e5f29766dad602ca05e481058b8d41

SHA256
e27dc72f8e8107f6121e2fc0fe3b48eea0d02c27b8bf9768a7fe8908542ecf5a

SHA512
b76f836513543234c92b3ef03aa16b3ae0722a53d5263abbb4f8f2cd1d6b7dbc486af638ec8477c760a0a0fca0073482354404a653a406c73feb2a20df72b365

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe

Filesize
468KB

MD5
500835228c9288108081a739ca30fc40

SHA1
e2a21a3ac5735b3cb9d02a15affe6b72ce2a7d52

SHA256
f62b8f587a6adf813548df5d6c06b79b4428259cb8139c9be62fcea03c073d23

SHA512
bd4bcf6b54820ae97701d22ed12a97944bd617223b2ef28e80df41448a10badb7650f0c94bbfeac45778666072947e436b39c3b397668ea2859ff601c96d72fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe

Filesize
468KB

MD5
6e589f419eb6b28335eb412255e33846

SHA1
5f7c48e8ed92d21fe564e50f97efef4b506d8986

SHA256
59bd0cbaabb8ea304f493c9d8946bb8baa0df45d7157f2c9a3862323139e26a2

SHA512
746c758ae8aae71da47006d2fadf6eaaa3a01265e4eabae5c4393462814570bbf237c5de55aa9b015294d49279aeacb62d765e2bb4498d89674d12b1aec961bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe

Filesize
468KB

MD5
2b300a9836bc3b987fc1e6966e75d1ff

SHA1
5f027d289098a626fe4913f5b0b43ec24edc0abb

SHA256
d1adb440aa794c39a2eee45a12df44ebc7f89b33008cc7e5257d4ae4f48c32bf

SHA512
ee7ed90f58c974a9558f4c17f7bf367f5bd0984d7aa5b75233bf7b94d0e3bf69bad4be4694c2746eef522796a600718a476bce3ae0786973f0f4edd4c2427f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe

Filesize
468KB

MD5
795382cb37735caa5df39e66838bf2a7

SHA1
15fe0ab3dc322084c479608892019d916ce63268

SHA256
8d1b1d1dac4e2083de7a39e458a62face3bf4d7a2d576fba34cb30735e1c5a50

SHA512
9e3584f31f45a11c1646e3fb6a11f61705e2529bee2c5dc7612e863817e3994785ab294057e97cf0f6a23ec0646e2e77c6f631111aa99eb2257dfdcf634dda8d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads