d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0

Analysis

max time kernel
149s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe
Size

468KB
MD5

9c0f777a6a1bef8f3ce3b9b757408ee0
SHA1

fa7f79788c43d31c343c1cfce43e2c7de4d0b0cd
SHA256

d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0
SHA512

9a062314ab2d77e0b2e115add0a006eeb90d376d1c585cc2f281b4afce4f6259efeefa2344f090286dde96de8c86cf758456693b5d498feb5249015df1da26f4
SSDEEP

3072:kNonowGNjf8U6bYNfo5jYf5EChSBIpLnmHePFFYnXkMHGaOqNhplW:kNEodkU6ufAjYfO0dEXkMmdqNh

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4604	Unicorn-25882.exe
3396	Unicorn-23651.exe
4888	Unicorn-22560.exe
3628	Unicorn-13705.exe
4968	Unicorn-52993.exe
4996	Unicorn-42979.exe
808	Unicorn-58993.exe
3732	Unicorn-41443.exe
2384	Unicorn-40352.exe
1068	Unicorn-59834.exe
3964	Unicorn-43425.exe
5088	Unicorn-37560.exe
2956	Unicorn-23824.exe
1804	Unicorn-21593.exe
4308	Unicorn-48314.exe
4572	Unicorn-15642.exe
3476	Unicorn-48506.exe
4228	Unicorn-25655.exe
4872	Unicorn-11920.exe
4700	Unicorn-41416.exe
4820	Unicorn-27872.exe
5076	Unicorn-31786.exe
4352	Unicorn-22855.exe
3692	Unicorn-64650.exe
60	Unicorn-28387.exe
1384	Unicorn-37681.exe
3412	Unicorn-32256.exe
3912	Unicorn-12642.exe
2504	Unicorn-25287.exe
2616	Unicorn-48906.exe
2276	Unicorn-14624.exe
4796	Unicorn-34490.exe
2676	Unicorn-62154.exe
3956	Unicorn-25466.exe
1356	Unicorn-21552.exe
1720	Unicorn-8361.exe
3700	Unicorn-7328.exe
4164	Unicorn-11049.exe
1324	Unicorn-26810.exe
1056	Unicorn-26810.exe
1756	Unicorn-26810.exe
8	Unicorn-7385.exe
1168	Unicorn-10665.exe
2444	Unicorn-53322.exe
3916	Unicorn-7650.exe
3156	Unicorn-23411.exe
4824	Unicorn-52776.exe
1860	Unicorn-52776.exe
5112	Unicorn-49976.exe
3216	Unicorn-33440.exe
2912	Unicorn-58641.exe
1904	Unicorn-39040.exe
4992	Unicorn-25331.exe
4124	Unicorn-44417.exe
2416	Unicorn-10338.exe
3960	Unicorn-42112.exe
972	Unicorn-61978.exe
5036	Unicorn-9689.exe
2732	Unicorn-51322.exe
3424	Unicorn-34144.exe
2824	Unicorn-4425.exe
4332	Unicorn-64024.exe
1604	Unicorn-4617.exe
396	Unicorn-33376.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
6248	4892	WerFault.exe	165
1484	6812	WerFault.exe	268
1352	8932	WerFault.exe	373
2220	15120	WerFault.exe	724
5764	12392	WerFault.exe	703

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41530.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15884	dwm.exe
Token: SeChangeNotifyPrivilege	15884	dwm.exe
Token: 33	15884	dwm.exe
Token: SeIncBasePriorityPrivilege	15884	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe
4604	Unicorn-25882.exe
4888	Unicorn-22560.exe
3396	Unicorn-23651.exe
3628	Unicorn-13705.exe
4996	Unicorn-42979.exe
4968	Unicorn-52993.exe
808	Unicorn-58993.exe
3732	Unicorn-41443.exe
2384	Unicorn-40352.exe
1068	Unicorn-59834.exe
2956	Unicorn-23824.exe
3964	Unicorn-43425.exe
5088	Unicorn-37560.exe
1804	Unicorn-21593.exe
4308	Unicorn-48314.exe
4572	Unicorn-15642.exe
3476	Unicorn-48506.exe
4228	Unicorn-25655.exe
60	Unicorn-28387.exe
4872	Unicorn-11920.exe
1384	Unicorn-37681.exe
3692	Unicorn-64650.exe
4700	Unicorn-41416.exe
4820	Unicorn-27872.exe
4352	Unicorn-22855.exe
3412	Unicorn-32256.exe
3912	Unicorn-12642.exe
2504	Unicorn-25287.exe
2616	Unicorn-48906.exe
4796	Unicorn-34490.exe
2276	Unicorn-14624.exe
2676	Unicorn-62154.exe
3956	Unicorn-25466.exe
1356	Unicorn-21552.exe
1720	Unicorn-8361.exe
1056	Unicorn-26810.exe
3700	Unicorn-7328.exe
764	Unicorn-40707.exe
4164	Unicorn-11049.exe
1324	Unicorn-26810.exe
1756	Unicorn-26810.exe
2912	Unicorn-58641.exe
4824	Unicorn-52776.exe
1860	Unicorn-52776.exe
8	Unicorn-7385.exe
5112	Unicorn-49976.exe
3156	Unicorn-23411.exe
1904	Unicorn-39040.exe
1168	Unicorn-10665.exe
2444	Unicorn-53322.exe
3916	Unicorn-7650.exe
4992	Unicorn-25331.exe
3216	Unicorn-33440.exe
4124	Unicorn-44417.exe
972	Unicorn-61978.exe
5036	Unicorn-9689.exe
3960	Unicorn-42112.exe
2416	Unicorn-10338.exe
396	Unicorn-33376.exe
1604	Unicorn-4617.exe
2824	Unicorn-4425.exe
768	Unicorn-49416.exe
2732	Unicorn-51322.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 4604	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	89
PID 4752 wrote to memory of 4604	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	89
PID 4752 wrote to memory of 4604	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	89
PID 4604 wrote to memory of 3396	4604	Unicorn-25882.exe	92
PID 4604 wrote to memory of 3396	4604	Unicorn-25882.exe	92
PID 4604 wrote to memory of 3396	4604	Unicorn-25882.exe	92
PID 4752 wrote to memory of 4888	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	93
PID 4752 wrote to memory of 4888	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	93
PID 4752 wrote to memory of 4888	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	93
PID 4888 wrote to memory of 3628	4888	Unicorn-22560.exe	95
PID 4888 wrote to memory of 3628	4888	Unicorn-22560.exe	95
PID 4888 wrote to memory of 3628	4888	Unicorn-22560.exe	95
PID 4752 wrote to memory of 4968	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	96
PID 4752 wrote to memory of 4968	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	96
PID 4752 wrote to memory of 4968	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	96
PID 4604 wrote to memory of 808	4604	Unicorn-25882.exe	97
PID 4604 wrote to memory of 808	4604	Unicorn-25882.exe	97
PID 4604 wrote to memory of 808	4604	Unicorn-25882.exe	97
PID 3396 wrote to memory of 4996	3396	Unicorn-23651.exe	98
PID 3396 wrote to memory of 4996	3396	Unicorn-23651.exe	98
PID 3396 wrote to memory of 4996	3396	Unicorn-23651.exe	98
PID 3628 wrote to memory of 3732	3628	Unicorn-13705.exe	101
PID 3628 wrote to memory of 3732	3628	Unicorn-13705.exe	101
PID 3628 wrote to memory of 3732	3628	Unicorn-13705.exe	101
PID 4888 wrote to memory of 2384	4888	Unicorn-22560.exe	102
PID 4888 wrote to memory of 2384	4888	Unicorn-22560.exe	102
PID 4888 wrote to memory of 2384	4888	Unicorn-22560.exe	102
PID 4968 wrote to memory of 1068	4968	Unicorn-52993.exe	103
PID 4968 wrote to memory of 1068	4968	Unicorn-52993.exe	103
PID 4968 wrote to memory of 1068	4968	Unicorn-52993.exe	103
PID 4752 wrote to memory of 3964	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	104
PID 4752 wrote to memory of 3964	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	104
PID 4752 wrote to memory of 3964	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	104
PID 4604 wrote to memory of 5088	4604	Unicorn-25882.exe	105
PID 4604 wrote to memory of 5088	4604	Unicorn-25882.exe	105
PID 4604 wrote to memory of 5088	4604	Unicorn-25882.exe	105
PID 3396 wrote to memory of 2956	3396	Unicorn-23651.exe	106
PID 3396 wrote to memory of 2956	3396	Unicorn-23651.exe	106
PID 3396 wrote to memory of 2956	3396	Unicorn-23651.exe	106
PID 808 wrote to memory of 1804	808	Unicorn-58993.exe	107
PID 808 wrote to memory of 1804	808	Unicorn-58993.exe	107
PID 808 wrote to memory of 1804	808	Unicorn-58993.exe	107
PID 3732 wrote to memory of 4308	3732	Unicorn-41443.exe	108
PID 3732 wrote to memory of 4308	3732	Unicorn-41443.exe	108
PID 3732 wrote to memory of 4308	3732	Unicorn-41443.exe	108
PID 2384 wrote to memory of 4572	2384	Unicorn-40352.exe	109
PID 2384 wrote to memory of 4572	2384	Unicorn-40352.exe	109
PID 2384 wrote to memory of 4572	2384	Unicorn-40352.exe	109
PID 3964 wrote to memory of 3476	3964	Unicorn-43425.exe	110
PID 3964 wrote to memory of 3476	3964	Unicorn-43425.exe	110
PID 3964 wrote to memory of 3476	3964	Unicorn-43425.exe	110
PID 4888 wrote to memory of 4228	4888	Unicorn-22560.exe	111
PID 4888 wrote to memory of 4228	4888	Unicorn-22560.exe	111
PID 4888 wrote to memory of 4228	4888	Unicorn-22560.exe	111
PID 2956 wrote to memory of 5076	2956	Unicorn-23824.exe	112
PID 2956 wrote to memory of 5076	2956	Unicorn-23824.exe	112
PID 2956 wrote to memory of 5076	2956	Unicorn-23824.exe	112
PID 4752 wrote to memory of 4352	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	113
PID 4752 wrote to memory of 4352	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	113
PID 4752 wrote to memory of 4352	4752	d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe	113
PID 3628 wrote to memory of 4872	3628	Unicorn-13705.exe	114
PID 3628 wrote to memory of 4872	3628	Unicorn-13705.exe	114
PID 3628 wrote to memory of 4872	3628	Unicorn-13705.exe	114
PID 1068 wrote to memory of 3692	1068	Unicorn-59834.exe	115

C:\Users\Admin\AppData\Local\Temp\d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe
"C:\Users\Admin\AppData\Local\Temp\d1615b4eab723d5e34eb353077cdc46e5c7b0e86066960cc5c0bc838b62646a0.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        9⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        8⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        8⤵
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53082.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
        7⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37236.exe
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60306.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        7⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8224.exe
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        6⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        8⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
        8⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        7⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        7⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        7⤵
        
        PID:15800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12307.exe
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
        6⤵
        
        PID:13780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        6⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        6⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        5⤵
        
        PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        5⤵
        Executes dropped EXE
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17690.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        9⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        9⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
        9⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        8⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        9⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        8⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        8⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe
        8⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        8⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        7⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
        7⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        7⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        7⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11551.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41387.exe
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        7⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22980.exe
        6⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42523.exe
        6⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12392 -s 488
        7⤵
        Program crash
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        8⤵
        
        PID:16668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        7⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        7⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        6⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        7⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        6⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
        7⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        6⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        6⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
        6⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        6⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
        5⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        5⤵
        
        PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        8⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 536
        9⤵
        Program crash
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        8⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        7⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12464.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        6⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        6⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        6⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41744.exe
        5⤵
        
        PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23850.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57674.exe
        7⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        6⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        6⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        5⤵
        
        PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63079.exe
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
      4⤵
      PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
      4⤵
      PID:8468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58993.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        9⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        9⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        9⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        8⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
        8⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
        8⤵
        
        PID:15584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
        8⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        7⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        7⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        6⤵
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        6⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        7⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        7⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        7⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        7⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
        7⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21959.exe
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58347.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        5⤵
        
        PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        7⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
        7⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        7⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        6⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        6⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        5⤵
        
        PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53885.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        7⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        6⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        7⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        6⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        6⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        6⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        6⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12586.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe
        5⤵
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62106.exe
        5⤵
        
        PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        5⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
      4⤵
      PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47482.exe
        6⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        8⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        8⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        7⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        7⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        6⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        7⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        7⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        7⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19363.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
        6⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44851.exe
        5⤵
        
        PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        7⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        6⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        6⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        7⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        5⤵
        
        PID:14028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        5⤵
        
        PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
      4⤵
      PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
      4⤵
      PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
      4⤵
      PID:1124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        7⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        6⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        6⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        5⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        5⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        5⤵
        
        PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        6⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        5⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
      4⤵
      PID:10016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
      4⤵
      PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
      4⤵
      PID:15656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49976.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36595.exe
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
        6⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        6⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36733.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        5⤵
        
        PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
      4⤵
      PID:13824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
      4⤵
      PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
      4⤵
      PID:596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
    3⤵
    PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3039.exe
      4⤵
      PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
      4⤵
      PID:1352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29984.exe
    3⤵
    PID:7744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
    3⤵
    PID:11084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
    3⤵
    PID:14972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
    3⤵
    PID:14040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48314.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
        9⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
        9⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        9⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
        9⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        8⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        8⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        8⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        8⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        8⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        6⤵
        Executes dropped EXE
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        8⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        8⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
        7⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        7⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        7⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        7⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        7⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        6⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        9⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        9⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        9⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        8⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2662.exe
        8⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
        8⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
        8⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        8⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        7⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        7⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        7⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        6⤵
        
        PID:15120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15120 -s 464
        7⤵
        Program crash
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
        6⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        5⤵
        Executes dropped EXE
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        8⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        8⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        7⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe
        6⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        6⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        6⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
        5⤵
        
        PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        8⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        8⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        8⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
        7⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        7⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        7⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61252.exe
        6⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        6⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
        6⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
        5⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45956.exe
        5⤵
        
        PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3340.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        6⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        5⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        5⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41744.exe
        5⤵
        
        PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        5⤵
        
        PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        5⤵
        
        PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
      4⤵
      PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        5⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        5⤵
        
        PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25565.exe
      4⤵
      PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
      4⤵
      PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        8⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        8⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        8⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14220.exe
        8⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
        8⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        7⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        7⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        7⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        6⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        6⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        6⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe
        7⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        7⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        7⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        6⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        6⤵
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        6⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        5⤵
        
        PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        7⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        7⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        6⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        7⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        7⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
        7⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        6⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41499.exe
        6⤵
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        5⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
        6⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        6⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11551.exe
        6⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        5⤵
        
        PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        5⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        5⤵
        
        PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe
      4⤵
      PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
      4⤵
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
      4⤵
      PID:3736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25655.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        8⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        7⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        7⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        6⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        5⤵
        
        PID:6812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 632
        6⤵
        Program crash
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        5⤵
        
        PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        5⤵
        
        PID:7380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41387.exe
      4⤵
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        5⤵
        
        PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
      4⤵
      PID:3372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:8
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        6⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-202.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
        5⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
        6⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
        6⤵
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        6⤵
        
        PID:16308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
        5⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        5⤵
        
        PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
      4⤵
      PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19363.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        5⤵
        
        PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
      4⤵
      PID:12836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60306.exe
      4⤵
      PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
      4⤵
      PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
      4⤵
      PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
      4⤵
      PID:8080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
    3⤵
    PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
      4⤵
      PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
      4⤵
      PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38141.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
    3⤵
    PID:12280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
    3⤵
    PID:6248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        7⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        7⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        6⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        6⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28205.exe
        6⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
        5⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34052.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        7⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56589.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        6⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        5⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        6⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        6⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        5⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        5⤵
        
        PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17408.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        5⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41499.exe
        5⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        5⤵
        
        PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
      4⤵
      PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        5⤵
        
        PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12602.exe
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
      4⤵
      PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
      4⤵
      PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
      4⤵
      PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        5⤵
        
        PID:4892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 724
        6⤵
        Program crash
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        7⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46667.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
        5⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        6⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        5⤵
        
        PID:15520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        5⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        6⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        5⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32244.exe
        5⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
      4⤵
      PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        5⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        6⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
        6⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        5⤵
        
        PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
      4⤵
      PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28570.exe
      4⤵
      PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
      4⤵
      PID:6024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
        5⤵
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        6⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
        5⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        5⤵
        
        PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        5⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        5⤵
        
        PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32381.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
      4⤵
      PID:11932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
    3⤵
    PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
      4⤵
      PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57243.exe
      4⤵
      PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
      4⤵
      PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
      4⤵
      PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
    3⤵
    PID:7200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61604.exe
    3⤵
    PID:4596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
    3⤵
    PID:15124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52475.exe
    3⤵
    PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
    3⤵
    PID:6580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
        5⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe
        8⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        8⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        8⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39051.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        7⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
        6⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        6⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
        6⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        6⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        6⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
        5⤵
        
        PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
      4⤵
      PID:384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        6⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
        5⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        6⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        5⤵
        
        PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        5⤵
        
        PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4394.exe
      4⤵
      PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
      4⤵
      PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
      4⤵
      PID:7820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
      4⤵
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        5⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
        6⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
        6⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        5⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
        6⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        6⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
      4⤵
      PID:11976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
      4⤵
      PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
      4⤵
      PID:748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
    3⤵
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
      4⤵
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18784.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
        6⤵
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37891.exe
        6⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2487.exe
        6⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        5⤵
        
        PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
      4⤵
      PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
      4⤵
      PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12521.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
      4⤵
      PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
      4⤵
      PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
      4⤵
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
    3⤵
    PID:8800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe
    3⤵
    PID:12536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
    3⤵
    PID:4936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        6⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
        5⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        5⤵
        
        PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
      4⤵
      PID:7332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
    3⤵
    PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
      4⤵
      PID:9980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
      4⤵
      PID:13272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
      4⤵
      PID:7388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
    3⤵
    PID:7536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
    3⤵
    PID:11348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2362.exe
    3⤵
    PID:15200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
    3⤵
    PID:6860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
    3⤵
    PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        5⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        5⤵
        
        PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
      4⤵
      PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56919.exe
      4⤵
      PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
    3⤵
    PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
      4⤵
      PID:13744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
      4⤵
      PID:6856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
    3⤵
    PID:10844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
    3⤵
    PID:12532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
    3⤵
    PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
    3⤵
    PID:15628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
  2⤵
  PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
    3⤵
    PID:9036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
    3⤵
    PID:13964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
    3⤵
    PID:5984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
  2⤵
  PID:7544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
    3⤵
    PID:10900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
    3⤵
    PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
    3⤵
    PID:6308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:10696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
  2⤵
  PID:14584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
  2⤵
  PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4892 -ip 4892
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6812 -ip 6812
1⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 15120 -ip 15120
1⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 12392 -ip 12392
1⤵
PID:3676

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe

Filesize
468KB

MD5
3652e2b853645254fea1002dad441457

SHA1
1c1b115cda8af2e71571d369861f84293db87143

SHA256
87e5ee777242ca91df6ecc1e1d690b658b655f35690eb57d255b6c927ff59755

SHA512
3c31f547ceae134b4442d141830b4a417365ad65a66767e303d72e614bbd15ed6d482f5840a4e22e1a8f40033aae4bbdd3e2b3e8d6b736026eab0e19def2b80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe

Filesize
468KB

MD5
58ac43ef6679370f724686c2fc689207

SHA1
fc89b844fc741cba4065b50f046420eded306394

SHA256
5bb5c4c875df419acd16713a90a12a7dc67e16acbd0aaa0c93922d880cdfd4bd

SHA512
01648fcbaf0d16e906467f6b9d642437c49822dca43eec69aae0fda9a859e3e7418e74415dc10266a2f757aeb60706154c6caf138ed59750413ae1ea3ec55d6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe

Filesize
468KB

MD5
43eb83a51dc5c50f0eca67eaaf3b2b12

SHA1
b8b6635f2d5903ccf802ed76543e4a9bae82d99e

SHA256
ec256063ea105f0ad4499616fe55ea77c385a44aa14d318a4a8e7a71d0b0f06b

SHA512
b87d988d63819212e75b55aa337c4acf88809165e7266c47d7b4a74d16c342e8c4b4f54ead11a7dd01a0a7d73e7b3b43db5b2ee2273aae7a13a63a6e38dda7c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14624.exe

Filesize
468KB

MD5
e5217935cdc9c8d3280f5ca94a0a2d37

SHA1
294d4fc0b9497e076d43af524e24e1d440242e2c

SHA256
57cb63a00dcc5282694ae799c038b43795cb95c763fc73785bc2c0a192781842

SHA512
618d9405dd29783dd9bed323e05751159bd775f04e2c269f32e8863230d98a374657422acd97327eefdc4504f504fd49243476ce6053e19a66e37b8f3ff4766b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe

Filesize
468KB

MD5
87eda7488966b084d1a90ceefdd6e853

SHA1
c5e97b69dfbd7baea1881022a2cc9c232d654567

SHA256
90031c26ff4b24d44db3b7e9b2fe006aaff3ff18fc24846126e960d4d9cea5a7

SHA512
ac8f8a2ab7f0936a673a5d1ec96abe8863caf6d0723fd9b8cbf85d1d85b3c3a36e52b191cf6411a24ff399199a57cd9b76fa7da200a017c2e1283dfb2d8b27ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe

Filesize
468KB

MD5
92fc4e88a436ed4518fddd10fe0431c2

SHA1
c2c6107684e7ceeb112e72986237c247614b2fe3

SHA256
30256f1a2e4fc2f42e122bc7f5df257311e657a34cdd124fdb0479bc1b0df372

SHA512
6a776c27229e3685758ebf4222cbdf9a0a704b3b9bb1909f963813f98b82051987425b364530a86c448befdd6a0fac55fd71df2e28faca716928118a60b6d2f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe

Filesize
468KB

MD5
7ed03887d2735208e08be6a98822ef97

SHA1
1fbadd0106e2ab5d3dbe06e109ae3bc0fdf0b379

SHA256
71de50b219c215016451d190024ec573efea19319b78f3affab45087e293b7f1

SHA512
3656e0576571b7eebfe4337fbdb1533c5c935345c4747cda6f381091539e42c6da38398fb55bc30f0f94aec492420e26510e1d462abd2a77fc2396f065132f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe

Filesize
468KB

MD5
8e639fe2adcfbd71e7b8718699711b66

SHA1
282594a8d2e478af369ce677f8dfb95c6b3125d5

SHA256
348fe43be91ae38ace2afe21c52cf5d4460edcd0895f53c6b26b2b9941d22721

SHA512
9a76bbdafd585b559e604430437ca382d9387f6ab957b635aec404745916c7f07d40a15b0ed79491ca12aa91be5aeeaa4b2a28c30c23689cc86a34fe93dc138d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe

Filesize
468KB

MD5
25f51956867b558d8c8fcd6fd6085f4d

SHA1
d79c1d043b392a0c827fe520d2119dfa328c18b9

SHA256
cb0b40cc85a6f5dd1b868bd2b03b6925ce02447f81f17aa66fc802de7c98c582

SHA512
cc29cbf21035800b59d29eecfb1a6040ecd3d43150c6988cb760724e4cf6972d7efeaeadaa4a8afa49084f448e438779135524b58e243803f2ae72c6d94529a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe

Filesize
468KB

MD5
4e1021bef1c4eda44cc4c05286857280

SHA1
ca43f954e6c3ca14b4725d103e35e92801fd1708

SHA256
ef3527f5d9acea4ac707ef5c98800466d5773ae187287eaafa4cdb29378b2933

SHA512
8bd5718ec52d32ed875e04abd37ed972af12a7bd22b55cc55f6d318ddb13099ec0739c7b08f6b4590791a1894621a25d23cb5b14b18144c738e72ae8aa59f260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe

Filesize
468KB

MD5
72f7a3ea3530f07fbaa82eb2675c75bd

SHA1
45311973b96de43e81196ee5bcb7679d86f4582d

SHA256
08ee3b8c0bae615d729a2aac153481d43d9579ce54993e23b27b7bda8f68d1fc

SHA512
b607329b340787047683e19ff1faf8611ae1d3f239f1edf86ea6b694bbe182a47f963bee56914e86913cf45f46bb696d416fb8d33f89e6bb25c36b889230e59b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25655.exe

Filesize
468KB

MD5
923261a0793187ac1cb37e4d9db04476

SHA1
bc018ab8a0bafda277163504f07f36b6c9ef4804

SHA256
57957558fce69063d50ee83afa5aba3f17d856f9c2d7583780ab9fa75ac27852

SHA512
6cf1e5c07d7ddf3f0893da60ec8e705d9889cd6579cebf5433c2c7060e6ff5322b71ebd9f532e9fdefb493de6282bccc7b2c1805f3ed93e468e8747f5e84160b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe

Filesize
468KB

MD5
24216d70c0cc86f6f64b9b9efcb88c5c

SHA1
1cf89247cf6008d60def81f7f4e8dff58cb0f062

SHA256
7d32f9d00c97f7490a4f60e126a345f0c601675a279b96d0611af6cdd04ebc60

SHA512
2b85a24651ed038d84b7f65bc22492a2339dc8ce3b06a421aa625b4e23fbe9638dba476457a8acba22cfe949fa941500e059a7e3a3db05b9723279bcda18d59d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe

Filesize
468KB

MD5
a8e5c609cca522e251befa66904946bb

SHA1
fecf173a32dfbe71a6cab30ef0980c3e6b287966

SHA256
dd5ef79ca2338ef89be2502c9b2c58a78f03d9781b9e63551c52ca48f2dc5eac

SHA512
4e621dcd3e32befbce6c01b4e3dbbd0aafbade3916440314f004935bcaef1befdbeb236e0d8c5cb05d0c704700087eb72b3da47cb84d5f511c2bdf993d1874e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe

Filesize
468KB

MD5
5e89d0a65147f2a1e8e1a79cd2b1b79b

SHA1
db9515d98ce11bd39fa1308cb2c486d7e3697c9d

SHA256
bc68ab8be3363cae50732de2a0b3836e60fff1184381e3d0f8d5eb1be454f2e1

SHA512
253e041d4f73b2c1f9fc2dd81389d86c6d357d25e5cbf84ef6406e33ab91fde72435135f4338476f0876c3b3bca502b4eaf9e6b8d6c755890d0ccfe987c308e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe

Filesize
468KB

MD5
ecdfd91f6aea168a8aeddfff90a75f52

SHA1
867e679a57524ee91ca9fb265df869286cf212f5

SHA256
53099577565fb3272a5a35b80ae7646c85381e3d6cf55ada94854201bf4ddaef

SHA512
bc61a4a62c806997947744ec580fb09ca31c8f25154b2fa4fcd6d0b699490dfdf5fead0a0afa97afc58c97100a77e6ffe0080a39369ecb4828621f464ec52eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe

Filesize
468KB

MD5
22fc9fe30756ed4f304a1ae7c90f9c27

SHA1
e2a6036183fe40ea4c5281ae4320d5daba93a342

SHA256
270ffe0965046f8ac6a4b9ecf2cab783a30f57931350a7528b0bdb0647915aee

SHA512
a4e60d2bc565479168df47336b158a37e8ea380926fa272babd19fe15363260bf4bcc81e1b5745665cd0a07861a1ed0da9c1d395b4237fab5440f07c0f40a44f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe

Filesize
468KB

MD5
b4bdfd441a0fdd3c2722dde7d1c8d154

SHA1
e9871fc6712936191ad499f058eeec5bf5bbb6b6

SHA256
d4c8d589163bfd79c0c83a88eec08bf8aec3cb9b988bbf17c7b0e327a6a32d00

SHA512
e27e8f2138698c3c9c01764bd0d3aa720bc7dfe4d4bacc49dbd4fd6aaba931eb5c5d8726d1cc17dd58f0bdaada333f54f7f89bee0cb39ddf47b0af23060527d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe

Filesize
468KB

MD5
940ac9e3c5edf52d79c004482b7d60d6

SHA1
64035e9322e5bfeb8a8888270b03da1755ba99d7

SHA256
5f4e3eaf8fac5f89317630ff0ac81038b5a00c98a7f27f62ca8c6a9b7358b60e

SHA512
76a666c24094315b20acc0daa3d861f214467a6010d606e4da8745e01467f5cbcd747aab0ece936a3795aa724ebe55d8c62e94f9eb01ac147ab87a26eb352494

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe

Filesize
468KB

MD5
99d38ee6fb7dc46f3c806e20190a6cca

SHA1
fe873e05c2d1c97bfa2a2ad43e64181823393239

SHA256
3047abb6cd33f79b3b7a3ae2908c8de17e7087b2c04b3879fdaee7a654a0dfd6

SHA512
af822a0a38b0f0f93c68caddc88ff4696edcbb38e6cd458a19528d823e5fc8a4c3d45e995d78c3294eaa75287353de940942af6358fe38e40e9e62865f4b3ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe

Filesize
468KB

MD5
939f900e81ef3b1982b8b03ef328023f

SHA1
ae1bd07e64b2bbfd907767ae5a288be221701850

SHA256
e4364e29577cc56937ae215a6281b3704097b94218f59ad60b3604376dc5e24c

SHA512
b8ad6035ad6c8e7fc98befe5430e78131fa934c2dfb9a9d1fc2b58321bb07e57b7945771ff757d2d2e57a676ea9d2c7f6dbb9e9e81b1282db03b17a2432bd7fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe

Filesize
468KB

MD5
59ba9ec2e06ca050addbb934ebdb33ec

SHA1
26d2b88389d6568f57d43e2bfa6e6aee17a46b9a

SHA256
47d96ce4d22e907e935187fa57cf6c309fd463c887b2e02fa6cdb8747d7c95fe

SHA512
8662d30b31ff47e8a4a351de98db15da1914ea1733919656dac2a433b9b83062c89810f4650afb6720e8df437590806a1b35c0e46c74376568d1f45d4bd6dae7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe

Filesize
468KB

MD5
7e03d3dc669c3a8d5575503489a9d97b

SHA1
c2648b7c5d52b6ad9d6c34cc5c6bad32c421f644

SHA256
a2b682066deea5dc18c3ed1690f960a1d53182bc7997f2eae469394fcd50d366

SHA512
8d30dcb267c9f6e59093ccfc63b6d973ed2822c7a857c3ae7df0fbdac155f4cda4c523b0b95f6b4f851c812305ece65f273f279d2cd28a8a63cd1108a412589e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe

Filesize
468KB

MD5
9af12ce9224140b1466d89537abe37d9

SHA1
992ac5431b717c50779572eaba23c2293828ea87

SHA256
afa927b6f00ca41f740f6f52d0293d2a9cac3052c781af19deb9a450352ac3ec

SHA512
bca6bf262e8b688de25fa158de6e49f12430c4008e7645b3bf0e85285432253540957440364a365b604a7fbff9f4d000dcf6b4c1120930a8ba075768d8549f47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48314.exe

Filesize
468KB

MD5
141dd16d82089251b2c579ec375c5a24

SHA1
2e722ad6dbcec8524779b0927c8dcf96c892def0

SHA256
1425b1f9d1e6958223e37fb270e04b0643dadba34c1c9fd61df87ddb5eeb3018

SHA512
21c42c0c5457e21fcc7fcb5501d69ada386107f81ea72b25ce2c905d9587c05a61c34fbd888ef9d839202618af5d83ff3af0c74f29f70199921b13dbfc0d9671

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe

Filesize
468KB

MD5
47bb46f64168e7e872c9212b6e099a7a

SHA1
850dec75c2c8919cfccf5358db419a4dbebebf7d

SHA256
e49d40aa999492f455d475b309cc159dc0545d7514c937164d627c1e1b19fec7

SHA512
398e8fe25179ea2bde46c9fc866c95cf4f38369836127bd969b30d846080acc63e9c4871e45f56794744c10db65b351ba3754b87c1458d1e8c5be238e9cbcbcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe

Filesize
468KB

MD5
de02b9c96f7e82213ba9604579fa64bd

SHA1
f03ea6f5f3c457594b44cf9861efe660b47ecccb

SHA256
8de2f7fdcb853e0066313281d3743293b05ae56c98af4142e671b01e9ca9df4c

SHA512
550f1a27d3339c51905b1ab84052dffe812e8505003017b78c3d23af951d0cb92b0d0363d09dc31b83de9d0bf477111e3b900ae8470083d6a284163a6049001f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe

Filesize
468KB

MD5
ce5b16e82b0b59c7355910d9733737e2

SHA1
7a82904e7ae35e4f79b262a37b3d71b1cc776c76

SHA256
997e43d5b16fd8e1fe5f835aed0955d2ec79bf35823add78bec8f806d22451ec

SHA512
b9fc4ed6d088baa130cf2533fc70934451707e7bfe3d4816ec39929b660519003d2797d2b494040a6eb2335d39c3e7905128f8a5174aeb7142410586646e7d8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58993.exe

Filesize
468KB

MD5
28cd558664d850a0ea05d833202abcef

SHA1
473d7b3fb476fff3058c28b6555072ea5804819c

SHA256
319624e0ebfe1e35838ad3aa4e645c763a445415d6a69fcd788ba37fce9ac10b

SHA512
b394eb0320dc61804c9a8aefe6b0a31b3614aede08052ca6aa4e9e109b3b4ba3093970f7e603824c5e090fcf4cfdae08dae85504697c2e190539d12000a6c9ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe

Filesize
468KB

MD5
822d442f174a80a84a226f9055ee8ba4

SHA1
bf044a8bcd5d7a31072d24e885437f76c149586c

SHA256
f3af40ad316a50ef53d175b147b1ae9665e95534c0877815d20fdd26dcb40fde

SHA512
76e6e23cbc921462c9afcffc3adb52ccc75ad5518ae1cdbf53208f9c38221b19b58349a5db73fc50a938c88c213e481699b14b12af73ca665bf8ba9366955a24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe

Filesize
468KB

MD5
e231ee25b30a10840455e62e60241fd9

SHA1
128b0c6015dc8fa70a09b8b2c3c4883082b25102

SHA256
8cb7116ebd102cd10fa5aecb27e5bb8d63ebb3525a09da39f0ae0d2091788c1d

SHA512
cad426989071e98457b50bdcddf5dd2c057dd159906baba1eb8ae37e16e3d7bb6237082651ec42c67d06fe7bda29c169eac3f7e774eac66d96479d430792e6d0

Download Submit
memory/8-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/60-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/220-2913-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/220-3213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/372-3311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/384-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/396-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/764-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/808-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/972-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1068-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1096-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1168-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1324-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1384-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1568-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1604-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1612-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1668-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1720-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1804-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1860-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1904-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2384-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2416-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2444-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2616-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2676-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2732-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2824-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2912-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-3534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2956-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3156-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3200-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3216-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3248-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3396-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3412-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3424-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3476-135-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3564-3478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-3342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3628-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3692-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3700-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3732-57-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3912-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3916-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3944-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3956-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3960-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3964-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4124-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4164-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4228-149-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4308-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4332-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4352-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4376-3482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4572-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4604-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4700-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4752-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4796-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-3056-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4824-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4872-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4880-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4888-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4892-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4968-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4976-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4996-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5036-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5112-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-449-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5196-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5224-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5240-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5300-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5464-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5484-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5496-515-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5512-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5540-516-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5556-517-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5572-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5608-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5624-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5664-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5680-551-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5708-552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5724-553-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5740-554-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15112-2627-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads