0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94

Analysis

max time kernel
150s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe
Size

468KB
MD5

05c52e00c02f6a6a54b2e6d4c0e60968
SHA1

1a558b53f279096abaa4faf048d0411dfa8d08e5
SHA256

0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94
SHA512

9aa4ece1acd53146e26539af714be487f782ad1053fff182a64a84e054f3bf683bae99705baea8a70dcce29c07e03d64af9a76b6bbe4b39219277daa09c0e73c
SSDEEP

3072:p8ACogIdIU57tbY+BzcjYf//sChC/IdgBRHQRV1mvUHLZO4FQglQ:p81oAc7thB4jYf2kbAvUrg4FQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2096	Unicorn-50994.exe
224	Unicorn-2945.exe
4708	Unicorn-44533.exe
2792	Unicorn-64144.exe
2852	Unicorn-60060.exe
3684	Unicorn-40194.exe
3244	Unicorn-645.exe
1068	Unicorn-38462.exe
1808	Unicorn-15904.exe
5056	Unicorn-24072.exe
5068	Unicorn-39016.exe
3280	Unicorn-17941.exe
3152	Unicorn-24072.exe
2904	Unicorn-4206.exe
536	Unicorn-23807.exe
1816	Unicorn-2665.exe
4520	Unicorn-60589.exe
3060	Unicorn-50304.exe
4572	Unicorn-15493.exe
3212	Unicorn-27481.exe
2364	Unicorn-18815.exe
2072	Unicorn-1103.exe
1716	Unicorn-1103.exe
2540	Unicorn-3141.exe
2720	Unicorn-9271.exe
1740	Unicorn-60418.exe
32	Unicorn-40552.exe
3720	Unicorn-54943.exe
4304	Unicorn-44082.exe
1308	Unicorn-54288.exe
4556	Unicorn-50880.exe
4976	Unicorn-26930.exe
2216	Unicorn-63900.exe
4944	Unicorn-401.exe
4312	Unicorn-16545.exe
2060	Unicorn-49894.exe
2068	Unicorn-23806.exe
4624	Unicorn-2639.exe
5024	Unicorn-45618.exe
4212	Unicorn-21668.exe
4616	Unicorn-23060.exe
2344	Unicorn-43572.exe
2532	Unicorn-27144.exe
4116	Unicorn-8669.exe
1992	Unicorn-47564.exe
1280	Unicorn-58425.exe
4704	Unicorn-8669.exe
4728	Unicorn-12753.exe
4932	Unicorn-11383.exe
1592	Unicorn-52825.exe
2044	Unicorn-65223.exe
2332	Unicorn-47564.exe
1416	Unicorn-11118.exe
1892	Unicorn-29090.exe
4380	Unicorn-11383.exe
4632	Unicorn-57055.exe
3208	Unicorn-13421.exe
4048	Unicorn-10621.exe
1620	Unicorn-19286.exe
1208	Unicorn-13713.exe
3412	Unicorn-24020.exe
4012	Unicorn-23919.exe
1044	Unicorn-21882.exe
3076	Unicorn-47133.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db	Process not Found
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal	Process not Found
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm	Process not Found

Program crash 7 IoCs

pid	pid_target	Process	procid_target
6044	4696	WerFault.exe	151
2008	6856	WerFault.exe	280
2944	17208	WerFault.exe	857
1648	16548	WerFault.exe	809
19624	17008	WerFault.exe	896
12320	7292	Process not Found	1152
15044	14884	Process not Found	1277

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32920.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Process not Found

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 48 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	Process not Found
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Process not Found
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18496	dwm.exe
Token: SeChangeNotifyPrivilege	18496	dwm.exe
Token: 33	18496	dwm.exe
Token: SeIncBasePriorityPrivilege	18496	dwm.exe
Token: SeCreateGlobalPrivilege	8928	Process not Found
Token: SeChangeNotifyPrivilege	8928	Process not Found
Token: 33	8928	Process not Found
Token: SeIncBasePriorityPrivilege	8928	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe
2096	Unicorn-50994.exe
224	Unicorn-2945.exe
4708	Unicorn-44533.exe
2792	Unicorn-64144.exe
2852	Unicorn-60060.exe
3244	Unicorn-645.exe
3684	Unicorn-40194.exe
1068	Unicorn-38462.exe
3280	Unicorn-17941.exe
536	Unicorn-23807.exe
2904	Unicorn-4206.exe
5068	Unicorn-39016.exe
1808	Unicorn-15904.exe
3152	Unicorn-24072.exe
5056	Unicorn-24072.exe
1816	Unicorn-2665.exe
4520	Unicorn-60589.exe
3060	Unicorn-50304.exe
4572	Unicorn-15493.exe
1716	Unicorn-1103.exe
2364	Unicorn-18815.exe
3212	Unicorn-27481.exe
2072	Unicorn-1103.exe
4304	Unicorn-44082.exe
32	Unicorn-40552.exe
3720	Unicorn-54943.exe
1308	Unicorn-54288.exe
2720	Unicorn-9271.exe
1740	Unicorn-60418.exe
2540	Unicorn-3141.exe
4556	Unicorn-50880.exe
4976	Unicorn-26930.exe
2216	Unicorn-63900.exe
4312	Unicorn-16545.exe
2060	Unicorn-49894.exe
2068	Unicorn-23806.exe
4624	Unicorn-2639.exe
5024	Unicorn-45618.exe
4212	Unicorn-21668.exe
2344	Unicorn-43572.exe
4616	Unicorn-23060.exe
2532	Unicorn-27144.exe
2044	Unicorn-65223.exe
4116	Unicorn-8669.exe
1280	Unicorn-58425.exe
4728	Unicorn-12753.exe
1592	Unicorn-52825.exe
1992	Unicorn-47564.exe
4932	Unicorn-11383.exe
4380	Unicorn-11383.exe
4704	Unicorn-8669.exe
2332	Unicorn-47564.exe
1620	Unicorn-19286.exe
4632	Unicorn-57055.exe
4048	Unicorn-10621.exe
3208	Unicorn-13421.exe
1892	Unicorn-29090.exe
1208	Unicorn-13713.exe
4696	Unicorn-63469.exe
4012	Unicorn-23919.exe
1044	Unicorn-21882.exe
3076	Unicorn-47133.exe
3412	Unicorn-24020.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 2096	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	87
PID 3660 wrote to memory of 2096	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	87
PID 3660 wrote to memory of 2096	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	87
PID 2096 wrote to memory of 224	2096	Unicorn-50994.exe	88
PID 2096 wrote to memory of 224	2096	Unicorn-50994.exe	88
PID 2096 wrote to memory of 224	2096	Unicorn-50994.exe	88
PID 3660 wrote to memory of 4708	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	89
PID 3660 wrote to memory of 4708	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	89
PID 3660 wrote to memory of 4708	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	89
PID 224 wrote to memory of 2792	224	Unicorn-2945.exe	90
PID 224 wrote to memory of 2792	224	Unicorn-2945.exe	90
PID 224 wrote to memory of 2792	224	Unicorn-2945.exe	90
PID 4708 wrote to memory of 2852	4708	Unicorn-44533.exe	92
PID 4708 wrote to memory of 2852	4708	Unicorn-44533.exe	92
PID 4708 wrote to memory of 2852	4708	Unicorn-44533.exe	92
PID 2096 wrote to memory of 3684	2096	Unicorn-50994.exe	91
PID 2096 wrote to memory of 3684	2096	Unicorn-50994.exe	91
PID 2096 wrote to memory of 3684	2096	Unicorn-50994.exe	91
PID 3660 wrote to memory of 3244	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	93
PID 3660 wrote to memory of 3244	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	93
PID 3660 wrote to memory of 3244	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	93
PID 2792 wrote to memory of 1068	2792	Unicorn-64144.exe	94
PID 2792 wrote to memory of 1068	2792	Unicorn-64144.exe	94
PID 2792 wrote to memory of 1068	2792	Unicorn-64144.exe	94
PID 2852 wrote to memory of 1808	2852	Unicorn-60060.exe	95
PID 2852 wrote to memory of 1808	2852	Unicorn-60060.exe	95
PID 2852 wrote to memory of 1808	2852	Unicorn-60060.exe	95
PID 3684 wrote to memory of 5056	3684	Unicorn-40194.exe	96
PID 3684 wrote to memory of 5056	3684	Unicorn-40194.exe	96
PID 3684 wrote to memory of 5056	3684	Unicorn-40194.exe	96
PID 4708 wrote to memory of 5068	4708	Unicorn-44533.exe	100
PID 4708 wrote to memory of 5068	4708	Unicorn-44533.exe	100
PID 4708 wrote to memory of 5068	4708	Unicorn-44533.exe	100
PID 2096 wrote to memory of 3280	2096	Unicorn-50994.exe	99
PID 2096 wrote to memory of 3280	2096	Unicorn-50994.exe	99
PID 2096 wrote to memory of 3280	2096	Unicorn-50994.exe	99
PID 3244 wrote to memory of 3152	3244	Unicorn-645.exe	97
PID 3244 wrote to memory of 3152	3244	Unicorn-645.exe	97
PID 3244 wrote to memory of 3152	3244	Unicorn-645.exe	97
PID 224 wrote to memory of 2904	224	Unicorn-2945.exe	98
PID 224 wrote to memory of 2904	224	Unicorn-2945.exe	98
PID 224 wrote to memory of 2904	224	Unicorn-2945.exe	98
PID 3660 wrote to memory of 536	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	101
PID 3660 wrote to memory of 536	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	101
PID 3660 wrote to memory of 536	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	101
PID 1068 wrote to memory of 1816	1068	Unicorn-38462.exe	102
PID 1068 wrote to memory of 1816	1068	Unicorn-38462.exe	102
PID 1068 wrote to memory of 1816	1068	Unicorn-38462.exe	102
PID 2792 wrote to memory of 4520	2792	Unicorn-64144.exe	103
PID 2792 wrote to memory of 4520	2792	Unicorn-64144.exe	103
PID 2792 wrote to memory of 4520	2792	Unicorn-64144.exe	103
PID 536 wrote to memory of 3060	536	Unicorn-23807.exe	104
PID 536 wrote to memory of 3060	536	Unicorn-23807.exe	104
PID 536 wrote to memory of 3060	536	Unicorn-23807.exe	104
PID 3280 wrote to memory of 4572	3280	Unicorn-17941.exe	105
PID 3280 wrote to memory of 4572	3280	Unicorn-17941.exe	105
PID 3280 wrote to memory of 4572	3280	Unicorn-17941.exe	105
PID 2096 wrote to memory of 3212	2096	Unicorn-50994.exe	106
PID 2096 wrote to memory of 3212	2096	Unicorn-50994.exe	106
PID 2096 wrote to memory of 3212	2096	Unicorn-50994.exe	106
PID 3660 wrote to memory of 2364	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	107
PID 3660 wrote to memory of 2364	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	107
PID 3660 wrote to memory of 2364	3660	0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe	107
PID 1808 wrote to memory of 2072	1808	Unicorn-15904.exe	108

C:\Users\Admin\AppData\Local\Temp\0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe
"C:\Users\Admin\AppData\Local\Temp\0b9fd01668592b4db13e356a704e5479b263145e5236055ad91b8d108efe8f94.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4907.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        10⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18146.exe
        11⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        11⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        11⤵
        
        PID:17928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
        11⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        10⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        10⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        10⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        9⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        10⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        10⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        10⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        9⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        9⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        9⤵
        
        PID:18056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        10⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        10⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        10⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        9⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        9⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        9⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
        8⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        9⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        9⤵
        
        PID:18572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
        8⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        8⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe
        8⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
        9⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        10⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        10⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19406.exe
        10⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        9⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        9⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58301.exe
        9⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        9⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        8⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22147.exe
        8⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
        7⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe
        7⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26930.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        9⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        9⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        9⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        9⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        8⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        8⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        8⤵
        
        PID:18064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        8⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
        8⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        8⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        7⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        7⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23919.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        9⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        9⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19406.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        8⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
        8⤵
        
        PID:18696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        8⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        8⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38622.exe
        8⤵
        
        PID:18456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        7⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        7⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        7⤵
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        6⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        9⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        10⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        10⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
        10⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        9⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        9⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        9⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        8⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20401.exe
        8⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        8⤵
        
        PID:18032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49698.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        7⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18521.exe
        7⤵
        
        PID:17980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 720
        7⤵
        Program crash
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        8⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        8⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        8⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        7⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        7⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
        6⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
        6⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        5⤵
        Executes dropped EXE
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        6⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        7⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        7⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        7⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        7⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        6⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        8⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        8⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
        8⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        7⤵
        
        PID:18700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
        7⤵
        
        PID:16228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
        7⤵
        
        PID:18716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        6⤵
        
        PID:11860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
        6⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        6⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        6⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        6⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40865.exe
        6⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        6⤵
        
        PID:18680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30858.exe
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
        5⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        5⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        8⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        8⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44871.exe
        8⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        7⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        7⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        7⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        7⤵
        
        PID:17740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
        7⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        6⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        6⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        6⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
        8⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        8⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        8⤵
        
        PID:18488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        7⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        7⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63381.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        7⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 636
        7⤵
        Program crash
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
        5⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        6⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19406.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        7⤵
        
        PID:18360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        6⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14093.exe
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15150.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        5⤵
        
        PID:18536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        6⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
        8⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        8⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        7⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        7⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        7⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        5⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        7⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
        7⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53666.exe
        7⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        7⤵
        
        PID:18464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31960.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        6⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        6⤵
        
        PID:18524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        5⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        5⤵
        
        PID:13868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        5⤵
        
        PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
      4⤵
      Executes dropped EXE
      PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
      4⤵
      PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        5⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        5⤵
        
        PID:19496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        5⤵
        
        PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
      4⤵
      PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe
      4⤵
      PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40194.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11383.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        9⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        9⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        8⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        8⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30315.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        7⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        7⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
        7⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe
        6⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        6⤵
        
        PID:19688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        8⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        8⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        7⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
        7⤵
        
        PID:18288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43470.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        6⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        5⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16444.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
        7⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        6⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8768.exe
        6⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27710.exe
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        6⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        6⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36672.exe
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        7⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
        6⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        6⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        5⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        5⤵
        
        PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        7⤵
        
        PID:16816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        7⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
        6⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        6⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        6⤵
        
        PID:18504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        5⤵
        
        PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        5⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        5⤵
        
        PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
      4⤵
      PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
      4⤵
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
      4⤵
      PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
      4⤵
      PID:17664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        6⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        8⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        8⤵
        
        PID:17528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        8⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        7⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        6⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        7⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        6⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        6⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        7⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        6⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21283.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        6⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
        6⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
        5⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        5⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        6⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        6⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        5⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
        5⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        5⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
      4⤵
      PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27481.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60356.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34999.exe
        7⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
        7⤵
        
        PID:18748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        5⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        5⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        5⤵
        
        PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        5⤵
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        5⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37750.exe
      4⤵
      PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
      4⤵
      PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49488.exe
      4⤵
      PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
      4⤵
      PID:17252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
        6⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        5⤵
        
        PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17008 -s 464
        6⤵
        Program crash
        
        PID:19624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34791.exe
      4⤵
      PID:8692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
      4⤵
      PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
      4⤵
      PID:13476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
    3⤵
    PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
      4⤵
      PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
      4⤵
      PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
      4⤵
      PID:6272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
    3⤵
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe
    3⤵
    PID:12184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
    3⤵
    PID:16344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe
    3⤵
    PID:18188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
        7⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        8⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        9⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        9⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        9⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        8⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        8⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        7⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11841.exe
        7⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        7⤵
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        6⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        8⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        8⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        8⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43448.exe
        7⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        7⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2162.exe
        7⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        7⤵
        
        PID:18612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        7⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        7⤵
        
        PID:17568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
        7⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        6⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        8⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        8⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        7⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        7⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        7⤵
        
        PID:18472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        6⤵
        
        PID:17680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        6⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-277.exe
        6⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        5⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        5⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
        5⤵
        
        PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        8⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        8⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        8⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        8⤵
        
        PID:18036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
        7⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
        7⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        8⤵
        
        PID:19504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        7⤵
        
        PID:18120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        6⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        6⤵
        
        PID:18440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        5⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        7⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49104.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61642.exe
        6⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:19672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        5⤵
        
        PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        5⤵
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27575.exe
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45228.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        6⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56434.exe
        6⤵
        
        PID:18024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7367.exe
        7⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        7⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        6⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
        6⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        6⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        5⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17340.exe
        5⤵
        
        PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
      4⤵
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4695.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
        5⤵
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        5⤵
        
        PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
      4⤵
      PID:9736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
      4⤵
      PID:13732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13186.exe
      4⤵
      PID:5100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        6⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        8⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        8⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        8⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        8⤵
        
        PID:18128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15462.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        7⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
        7⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        7⤵
        
        PID:17824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
        7⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8944.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        7⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        7⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe
        6⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        6⤵
        
        PID:19404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        5⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26422.exe
        7⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        7⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        7⤵
        
        PID:20200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14205.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        7⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12058.exe
        7⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
        6⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
        6⤵
        
        PID:18356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22679.exe
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        6⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
        5⤵
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        5⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26422.exe
        7⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        7⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        7⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        6⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10960.exe
        6⤵
        
        PID:19460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        6⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        5⤵
        
        PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
      4⤵
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        6⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
        5⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        5⤵
        
        PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48081.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
      4⤵
      PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
      4⤵
      PID:17472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
      4⤵
      PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11383.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        6⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        5⤵
        
        PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60190.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5951.exe
      4⤵
      PID:9368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
      4⤵
      PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
      4⤵
      PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
      4⤵
      PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
      4⤵
      PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16444.exe
        5⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
        5⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        5⤵
        
        PID:18532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
      4⤵
      PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34145.exe
      4⤵
      PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
      4⤵
      PID:19472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
    3⤵
    PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        5⤵
        
        PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
      4⤵
      PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21055.exe
      4⤵
      PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
      4⤵
      PID:17576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19021.exe
      4⤵
      PID:7548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
    3⤵
    PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
    3⤵
    PID:11700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
    3⤵
    PID:14468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        8⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26422.exe
        8⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
        8⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23412.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        7⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        7⤵
        
        PID:18308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38182.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        7⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        7⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        6⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
        6⤵
        
        PID:17968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11383.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        7⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        6⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        6⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        6⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
        5⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        5⤵
        
        PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        6⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        5⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36672.exe
        5⤵
        
        PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        5⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
        5⤵
        
        PID:17380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
      4⤵
      PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
      4⤵
      PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:18244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:32
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        6⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
        6⤵
        
        PID:18596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        5⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        5⤵
        
        PID:19644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44871.exe
        5⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        5⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
      4⤵
      PID:8912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
      4⤵
      PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
      4⤵
      PID:17060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
      4⤵
      PID:19484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
      4⤵
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
        6⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        5⤵
        
        PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59234.exe
        5⤵
        
        PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
      4⤵
      PID:18644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
    3⤵
    PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
      4⤵
      PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
      4⤵
      PID:17788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
    3⤵
    PID:7712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
    3⤵
    PID:12176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
    3⤵
    PID:17692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62307.exe
    3⤵
    PID:4640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5929.exe
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55177.exe
        8⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        8⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        7⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        7⤵
        
        PID:17652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        7⤵
        
        PID:17112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        6⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        7⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        7⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        6⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        6⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
        6⤵
        
        PID:16548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16548 -s 464
        7⤵
        Program crash
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        6⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        5⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe
        5⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        7⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        7⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        6⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        5⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        5⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52151.exe
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        5⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        5⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
        5⤵
        
        PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
      4⤵
      PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
      4⤵
      PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
      4⤵
      PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48908.exe
      4⤵
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        7⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        7⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        6⤵
        
        PID:19660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        5⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        5⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        5⤵
        
        PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        5⤵
        
        PID:16832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        5⤵
        
        PID:18248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
      4⤵
      PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
      4⤵
      PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
    3⤵
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        6⤵
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        5⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        5⤵
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        5⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        5⤵
        
        PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
      4⤵
      PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
      4⤵
      PID:17208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17208 -s 72
        5⤵
        Program crash
        
        PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
    3⤵
    PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
      4⤵
      PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
      4⤵
      PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
      4⤵
      PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
      4⤵
      PID:6364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
    3⤵
    PID:7312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
    3⤵
    PID:12104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50664.exe
    3⤵
    PID:15844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52371.exe
    3⤵
    PID:3948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27144.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        6⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
        6⤵
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
      4⤵
      PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
      4⤵
      PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
      4⤵
      PID:15432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
      4⤵
      PID:18316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
    3⤵
    PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        5⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
      4⤵
      PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
      4⤵
      PID:12080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1970.exe
      4⤵
      PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
      4⤵
      PID:17116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20323.exe
    3⤵
    PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
      4⤵
      PID:13044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
      4⤵
      PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
    3⤵
    PID:9616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
    3⤵
    PID:14544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
    3⤵
    PID:14204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
    3⤵
    PID:17608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
    3⤵
    PID:7552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
    3⤵
    PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        5⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
      4⤵
      PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
      4⤵
      PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
      4⤵
      PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
    3⤵
    PID:7808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
    3⤵
    PID:11352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
    3⤵
    PID:16248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
    3⤵
    PID:17916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
    3⤵
    PID:1988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
  2⤵
  PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
    3⤵
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
      4⤵
      PID:8680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
      4⤵
      PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
      4⤵
      PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
      4⤵
      PID:6260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
    3⤵
    PID:9464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
    3⤵
    PID:13448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
    3⤵
    PID:17448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
  2⤵
  PID:7012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
    3⤵
    PID:8612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
    3⤵
    PID:12516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
    3⤵
    PID:16708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
  2⤵
  PID:9892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
  2⤵
  PID:13924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
  2⤵
  PID:17432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4696 -ip 4696
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6856 -ip 6856
1⤵
PID:12256

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 17008 -ip 17008
1⤵
PID:19580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe

Filesize
468KB

MD5
c08c9e913de85e59ba8e0405c5fe2919

SHA1
ff1a9c9f0a34eaf98fb306b884d46ac088a4ce6a

SHA256
59a15c0bd85e0c5699045f1ab2a84c9fabbe82c9ab5fcf621d7a0f034de9790d

SHA512
a3e15dad986185ccd4cb27bdb6b1ec66c3d940c3846c05438667df9d31443da010a0317f8ffb268c6e411f87d7fe7d1146bd94d1dad60cfa3f41282c1859f536

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe

Filesize
468KB

MD5
a3baa5573f768a91c0043aebfb9f03df

SHA1
bdce28ec0ba734ac404a3ea4a3ce33568329628d

SHA256
2fa4b1f94a0845952e6f1d72a376f4f9a212f071dc36a8994ebf6b6e66804ca1

SHA512
f59a5e582f20fcab3f0f89f797fcde60c7c86a786fe93bbe367eb4c53d6da9c7b9d8541d43e5d5151762ce251ea4cf3e1ddc6def76675f5d4bd3aa30d34b817c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe

Filesize
468KB

MD5
280ced38df738e75dba0ac318cd0af66

SHA1
1b70d2b996f64eefe61052e9c3eb1e576c1de27a

SHA256
77bc2f9dfe349ef4e5d54a44a9d1d4cb8eaa321f0202aef2f811fd6745da7e68

SHA512
581c513135c86e3b981aca4511aa5cea6f214c886a203689091e65d659fc99a2df30990181ef63bbd45c00d53130c9907755ba0020bd95bece9fd7f19286b93b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe

Filesize
468KB

MD5
1767731237e8e83ef0147b76167e7219

SHA1
c409b8feea5099bc98618448c39f922f9ac4f93a

SHA256
bd72a7c4a32432607dfe841bc5a7a019f25726ecc0e038fe75aaa99a4cfeee9d

SHA512
df105534728f5d9602733b6806a77d222b80a76f9b3f83d3f3630541978cd033d69b8162314294577e8395578d0eb8f6cc938ea85a662814217b35b87f98f19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe

Filesize
468KB

MD5
6f8938e9b92c372a41292bfc2326bf86

SHA1
1ea9ca9f949d950b75b9c21a681c132d7ea24bb1

SHA256
a10bb5007658afffa7d7f1857dcc7a59c2f9c42fc7bdaa810fbc5f8d704f4367

SHA512
9351c0b6822bc7edd3d021d4601394f0310e8efc391faf555f9108fb18abc81c73aea9088ce0d1de395942984e7024159bc861d13053fcb6027ea5fd90a6b8c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe

Filesize
468KB

MD5
915ae60aea1d28bc99b43c88ef7bb41d

SHA1
580acd89149051bd8226cb80238a2b319a541797

SHA256
ca45dc17d46bde5e2d2d069ad6b83cb86b7beb90f18f9097b8b6c73c05e6b69a

SHA512
95c29d4654244da9ce47b826fa726ae523c01e20dd94d3e3f84f0f88da71bbf32099856bb8c8722df9110a2ba1474b3c94fc51af7e2662a218a1f7d46a8565d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe

Filesize
468KB

MD5
13d18c13ec02629f4c14947d81f454c5

SHA1
ea09e8a56469c882a6f600a910053ace6f85dc38

SHA256
a2b1940ef5be336b3c5f5a8f8cc69cd42e7a4f6e8217a4c16bd436fcb4fec122

SHA512
f85fd6b60335891f06026dd8257a8ddfb42f4ee73520a6eadd86379c552d2350d7506b3696f807cf1933acdee599c121c5a4f4f8bf91f4f04e415eee0604e267

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe

Filesize
468KB

MD5
421fc4b517f9cfa3bc2cce3f2d0215ae

SHA1
d86dd8ea8b4b98d86b6b396080b92d696dfff8de

SHA256
745178eae110c50425e383da3d9ef3b3384f6371838e4e4985bdb0f76d5a6773

SHA512
d62aeeb4640d176a4fcc1361ff12364f467f2e8c6ac050958c9ea7d68b5e916691c736d28ee9fb66d848271a585ead2a5d93a577d3326214937426dfb640ea26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe

Filesize
468KB

MD5
242a3263376956ada3d3261872276750

SHA1
d59a17682d444752ec4959060f9b654f43f09758

SHA256
85bfcaf2516cd0e2ea1fa8753ad5e5a8a512ac97380e751e542e32c54a405bae

SHA512
2e9d364aed10a4746397faf2c4ff12ffdd663a0b4c93235251ca958f5985ad09217fff2d486e5845c73e51acdcb4391855c39985db1c9e763a4feba30af9976d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe

Filesize
468KB

MD5
d20fdb8adfb03e2065e51c81e87b5a9f

SHA1
b5da1733c191786b95b9c2f631e5e9a905265a66

SHA256
d31d5d2cafed12b1b869ccdc3abc342733943cf8b3861ba7340018e6ab5d9342

SHA512
101d367bb43c1b8beb5ce48898f761eab29e3901d89ae28d528a329f5c16d2cb7a28f1ca4fbc9dac1486c31f26e2118c52b5e1e5efda561bf73653c537457b2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26930.exe

Filesize
468KB

MD5
3abad6db60dbfec64e571fd66d37a6b0

SHA1
17e464b874dc3ed85195def8da155460f7ab2cd8

SHA256
d4c65eb33cb074159ef734aaa72210de12473b78f48418884f650564ce3cf27d

SHA512
d3b7de1bad48415eeb17bcac7740fe6c60fe28ed3e726a12f637f252b191a127872d062d090df48ae589ec150c797411cefe26661bbe5c20029bffac3704e53c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27481.exe

Filesize
468KB

MD5
c32124f48cb652f514003fb97884fc4c

SHA1
69e3a712ebf575417a91ae7d0db78dbf56bb17ae

SHA256
bd3922e9f17ec35b6952a71ee413ff045e620a721dcb2211fddce48475761845

SHA512
bd1b121c476fcd4c51bd29676ca5e5400ccd93bb49273990ee71fc047527b95221c508793bb4a0a2bac9facd0460b4c342854fda5ff64f9a2f873d2974fd6e3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe

Filesize
468KB

MD5
1cbd2d98797740bcc3bf06ba8fe383e6

SHA1
8d67a17efd9058bcae22d332fe905feefd4cf6cf

SHA256
ce99140f5f2d4c375fc3830e3d2a1c12748ff3a40db927c9a3c554777d2f7810

SHA512
ace66fa515ef4ef87bb74317ca79ee200edd02d3dc59d9c89c826db71022972d30beed3ffe815b3b7fa809b5b6fbf58933b9bcf244a4d6bae3a54e09737b1433

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe

Filesize
468KB

MD5
d4c81e3f2d52a6c8a1e7d34386b636c6

SHA1
b761448c40247314df1ff1ac554d05eafb440ba7

SHA256
049932e555ab6b9ccb925c7150f1717b97dc0ad378e37fb4ff1525622ca71f9c

SHA512
90dc9ed869e2cd84276dc1701468adadfe317749cf981aeeff45f18ed25ad1253c6dbd66a2667c0a8afe04f7370876c811649e31e235ec4833f5bd92665b4d03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38462.exe

Filesize
468KB

MD5
c505165ab86be2f29d995b3b05e8f247

SHA1
a936db491182865c6975ee5fb512d4f0d596c199

SHA256
2f088eb2584b6bdde8d9167fca5567303f91603cb154b890dea40a488cd4f63d

SHA512
d2e4bfbff5afc4b76f83b34f297ad527dbe211dd3d448cf3626e4e4ea1118cf11bdc44b23d7ab16bff0c07bef16f967279d9f8f966e8916c584fd48f7ac37deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe

Filesize
468KB

MD5
a4169363aadcdc95af5504c12a7ab1a1

SHA1
6716720baa18203f7f92f39f880919e9ead07bdb

SHA256
8da78f8c6ebffcfb36852e76214b3c7ad214fb1b3cc47197da0080674ec42317

SHA512
254d7b6de0c6a356632ebd3b04c8467b6bef95bf4d62841ca1253b2a680e61cb7c2f5794bf1c6644fe3fa22cc0a3b76b24e9210f5620fada3cb2bf9f9c75e2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40194.exe

Filesize
468KB

MD5
9f74e09beab33a03ae6ee2dd16cb89cf

SHA1
a1269b2bda0b1b29e43390ce1cd5411719f2b48a

SHA256
866c40ef653ad9f44f83c723afc5f8773f15e37164ff2b60ab4b3baf9f75a64e

SHA512
2674d7a79fbd00d108318e86dc6d36e14524f8bca5eaa3e139f05945092b49454688f1e0e745298f88b197d2fb65ef0670f9674d32442e4c67d4f12dc95730b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe

Filesize
468KB

MD5
f218d0b3718d74f71a6d042a4d142782

SHA1
6b475f9cabbb3d5d20bf53674d00e048db4ac8c2

SHA256
b20f684685b66f1dbcba6238e4c34a926a7ef71f10d470f599298ea863fde9c0

SHA512
fd42d0854d4668739275d5b0174e5d7cfc82ba8eda6f455184344e9c333bcbe9dc360aeaf36c039d52504cd047624e14fe4f60a1eb497e6e70e6875d469a3d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe

Filesize
468KB

MD5
ccd863965c9f2b03544d89634f080bae

SHA1
68457694d5bc98d34c7c8a14ab53ccb32eaf9b4d

SHA256
fcb4ad29020d7391d5fef0f21c72d02bffcf96e9acf0503a487bf35c7306f8a5

SHA512
6f7f5a76ffda00a66e25894532a5618cf7d43e147ba79c785497e10c34a5fbb00f71fbffe76bcdca8946e3416a1cb3369817e8c1beb35b2dca68cb8e5463c49f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe

Filesize
468KB

MD5
56989c9b45aa14de0526bce8b82ad05a

SHA1
12479eaa90bebbee7fb9d8853a53840acf33a2fc

SHA256
125f6f3afa766d1fd6d3fa76de90dcb8e751145d04d0ddb81ea3f7cd4aaaa370

SHA512
d3d8049913970726838999cac2ff2d0fdc478bd3bd47b121e63b15d292d082e9ed30d09870a205d0c0e546419a1652a0ec7cdd5acf9cd57340b4f82dd7747227

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe

Filesize
468KB

MD5
8209ba9d968d980ee75e41884558dc9e

SHA1
b2ee22c26089ab6af742bece540affdcfab862f9

SHA256
10da300197afed130cc6bce0e044fd7603987180e9339f3b5b4120ad3a661ab2

SHA512
29a4ccf0c002cffad474207a98b5242dfe6cbbc000868c5c75d66dba962a2607ef1527191fc185b113977ec8ef3976f4dede1abbe60ea8aeea64e2fa0eae8ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe

Filesize
468KB

MD5
4c5f79627f482022ffe4e9163e6d81ac

SHA1
52e74740264221345eb1f7ecbc576881b180bedf

SHA256
28d50e736d8c07bb52ff55d0cafabf32b0a5a638ce367beb61c758c77f160cb7

SHA512
00a0e31a7733743817c7eda691caea9c244349eb6e35f06f74c7c76f18bfcc5a2777d37f2c2403510b3c82653cc2f6c2b906100d76d295fe84ae8867164cf201

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe

Filesize
468KB

MD5
d6cf233ca23654dbf6eeb71f05ee1eed

SHA1
dc37da8497a1d55d94562057bce3d6692b440425

SHA256
bc901629d40bdb4015c0273f7fe044997cb8f38d3709668d478c61bf67851455

SHA512
b48d63f579dd7522883c6517208f10f130ee7315d73ae0a08bcc72bfe988a456a70cd42aa02e4a6051196db74897d8f8c48d5c1f8ad76cbb81a9396e04f87d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe

Filesize
468KB

MD5
bc0184b88ee8709aa66189295298aded

SHA1
fea46fcab10e68f6616d19afc89b785f92609519

SHA256
4da15ee1fbcd90c48478a039a3400e24e7c02fbbb5fadc7a4ab65ccef1447149

SHA512
39565de8e493c51922bfd7b52191a392199837820ac40b7f0aaf1cc32b5f5e053bec7f9ac553f0906816abb21fb797b992459086894b55e5253b7a19efb89f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe

Filesize
468KB

MD5
1f66ab93768549492333215eefd3b994

SHA1
89fd97729ec2b65495dc941226bb8a98b3dc434f

SHA256
6a245b83de05dd0295521fb98e39477de10d4829a76ada907353eec5bf5f31e3

SHA512
f2ec71314db3965f2b140c562a2589233e176a562e3c091abf7b1ebaf8f79268fa629f42b47bb0d5bb85d05cfaeb20365dce35a6c0041ad10cdb58b9efd15bad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe

Filesize
468KB

MD5
2998e4f4e581c8a64710d792587e7cfd

SHA1
95c1a398c362aa6405005684d2cc4280868ae13b

SHA256
cb168a5cbe47c87ea4bdc8bc01dfa2e6faf64806755fa5c4c7f85d3d7e71bd40

SHA512
360739f53e2b3de4538bcd7947ceab6725d88aebd17f0985c382af12a9333141b5311b9e0529f608b47fd1b1bf2568e7f320f48c8b1230f00e6f9817fbcd946b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe

Filesize
468KB

MD5
1d078bde56928c22f67df79b2a631b66

SHA1
dd9f9ecf3b2e34ebdf0528d233b7d46fa6258620

SHA256
3d585ba48a2dff90e556bd20ad7fc8d98de4eaa385c7acc0834bd74ddf4e6ad2

SHA512
4bc952f8067520cb443b3a9216997a7ae4ced566642db7aacf8fcd6d69a6b4d887c65dd2056da8fe98b206c6383bf232ea77888f152da6006bf6f30f5486c9e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe

Filesize
468KB

MD5
ad35aaa95e7c2bcc9f09c098eb901c72

SHA1
2187567c7c50456e73e025da67669a048fb51cc6

SHA256
caffa3c61dec810e41bfbee4774b4ff12f892bda0a74a33c3c1ad114867048db

SHA512
f93e6b6c82586bdbfc8295e66ea277dae400e2e48575310f64fcf2a853b0db0faa4f1791426227a084690144b3b71bab095130d6808b727c77dffdff116b7a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe

Filesize
468KB

MD5
1554c15b6e489219701352d769badc30

SHA1
ff215b8e07e24e68c20388469f813caa496c5810

SHA256
c1735fe6c5cfd28d73ea5a798e5e1f2e0de39609bc409d9340fb2b6f746e3f42

SHA512
24b3c337b51b328bab1c43aceb2c93da5193728a98dcec69b24af6a3bdbf1301dc5f4bda0de1631d3dd4b21fa0651b8f7e94eb5719bc2810a3639d932f82bbb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe

Filesize
468KB

MD5
983b70d852b9d1b3bb070f30b343ba75

SHA1
7faf717d17a128476dd0dffaf7233352371a2a24

SHA256
decdeb0f43ac93d1ee16cd36c06c76f380b82a456ecf06bd6a3fcdd1e7baf0e8

SHA512
e94d1d669f8ea347712a192740c3150c202aa5b9c6f3ecbb0ce80fcc3366f95ccc4eaf30c347283c00f7d2720b4055359251de77344001dcd9a5b030cdffc755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe

Filesize
468KB

MD5
1096747fdb2a4a9401a770f946742073

SHA1
a90b6c5c144dde6988d579e78b2d73c30e001822

SHA256
23f21160174e716dae60f6991ce7059a9b258a4fb57c03a1bed75a774a939b1b

SHA512
dd9df8f29654cb117994b1c7449d101493a12b2edacb18170273760836acfc57bffb6caa2eca01480524f4ed1aa3324d31b9b1cae7a8c69a656a91d28a17451a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe

Filesize
468KB

MD5
777465491ecabd4c4de2599525ddfa6e

SHA1
1305431fdc36c52c965182b9c2c5d24e26738a81

SHA256
94badcb219970551b8d1a13de0cb5fd764bce8af98019768e15bcef3664775bb

SHA512
eae5bd241049aa9a569276a3146ce0002ea6298331bfbf8a0b09e18e8adedf6e5daef0bf8d1a8e26fde72459c8fbc1dadb1f4cdb4ce3b2a18b1f247e6854eecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe

Filesize
468KB

MD5
859067b308f823b159862fb9f7cd7814

SHA1
97e0f49a8e3f1d7c73e6b7249d8daede4e7a635d

SHA256
b9451005ff02d6f316c4e038c68f89884188b3d9879881e0ffbdcb383846820d

SHA512
035cb6c105615febbbffc60d2545caa935d7bf327e9349edbec4ce5e333e63962ea04ca29120fdcba06ec8086dea65a2f827f191804f56cd8727e3cd58db1a58

Download Submit
memory/2468-3519-0x00007FFF14C60000-0x00007FFF14CE3000-memory.dmp

Filesize
524KB

Download
memory/4556-3902-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7836-5128-0x0000000076250000-0x0000000076275000-memory.dmp

Filesize
148KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads