e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe
Size

468KB
MD5

658feb4962d986896ad38c3a4976a49f
SHA1

044d4df17b92b180123d90fb7075c631436f4d46
SHA256

e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd
SHA512

5e0566755e6d5fd060df28f7252183d39985dec66ae790e11960756367d371f733b7583d74166296ad854a141c0a94e89bc59c56bd6f77bad4367b3d6f4f74fe
SSDEEP

3072:svuuorldIE3YtbYyPzcIffT/ECXZ4RmYnsHCOVhDckdaPS/7tQlf:sv3oQeYtFP4IffoYkkckc6/7t

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3992	Unicorn-29413.exe
4724	Unicorn-16876.exe
4776	Unicorn-59148.exe
3164	Unicorn-29563.exe
2388	Unicorn-49429.exe
1372	Unicorn-32901.exe
1972	Unicorn-26770.exe
1816	Unicorn-48866.exe
4040	Unicorn-60141.exe
3472	Unicorn-350.exe
4896	Unicorn-350.exe
3640	Unicorn-350.exe
1468	Unicorn-11896.exe
4644	Unicorn-11896.exe
4852	Unicorn-31497.exe
1420	Unicorn-16210.exe
1160	Unicorn-14984.exe
224	Unicorn-34658.exe
1708	Unicorn-1528.exe
4020	Unicorn-53983.exe
2648	Unicorn-50262.exe
3412	Unicorn-19666.exe
4488	Unicorn-10543.exe
4344	Unicorn-35810.exe
3808	Unicorn-35810.exe
384	Unicorn-52338.exe
4784	Unicorn-47085.exe
424	Unicorn-47085.exe
2564	Unicorn-33349.exe
1032	Unicorn-61954.exe
2948	Unicorn-16344.exe
4836	Unicorn-51202.exe
4840	Unicorn-31615.exe
1948	Unicorn-53890.exe
4716	Unicorn-33640.exe
1384	Unicorn-53506.exe
1928	Unicorn-584.exe
720	Unicorn-31724.exe
4168	Unicorn-28540.exe
2288	Unicorn-5649.exe
3148	Unicorn-1544.exe
1524	Unicorn-6609.exe
2020	Unicorn-5477.exe
2732	Unicorn-46210.exe
1204	Unicorn-29682.exe
4452	Unicorn-12769.exe
2184	Unicorn-12504.exe
4556	Unicorn-40573.exe
2220	Unicorn-46703.exe
3968	Unicorn-45442.exe
1000	Unicorn-23660.exe
4808	Unicorn-9925.exe
1084	Unicorn-29526.exe
3268	Unicorn-9925.exe
1080	Unicorn-9925.exe
1052	Unicorn-29141.exe
4248	Unicorn-15073.exe
2180	Unicorn-16034.exe
4336	Unicorn-49775.exe
1848	Unicorn-29909.exe
3216	Unicorn-27116.exe
2360	Unicorn-16994.exe
3632	Unicorn-36536.exe
1692	Unicorn-24799.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
8532	6556	WerFault.exe	274
9088	6464	WerFault.exe	271
9772	6548	WerFault.exe	247
12952	11176	WerFault.exe	525
5080	16188	WerFault.exe	814
18120	7032	Process not Found	1039
10472	6184	Process not Found	1043

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36249.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7232	Process not Found
Token: SeChangeNotifyPrivilege	7232	Process not Found
Token: 33	7232	Process not Found
Token: SeIncBasePriorityPrivilege	7232	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe
3992	Unicorn-29413.exe
4724	Unicorn-16876.exe
4776	Unicorn-59148.exe
3164	Unicorn-29563.exe
1372	Unicorn-32901.exe
1972	Unicorn-26770.exe
2388	Unicorn-49429.exe
1816	Unicorn-48866.exe
4040	Unicorn-60141.exe
3640	Unicorn-350.exe
3472	Unicorn-350.exe
4852	Unicorn-31497.exe
1468	Unicorn-11896.exe
4644	Unicorn-11896.exe
4896	Unicorn-350.exe
1420	Unicorn-16210.exe
1160	Unicorn-14984.exe
224	Unicorn-34658.exe
1708	Unicorn-1528.exe
4020	Unicorn-53983.exe
2648	Unicorn-50262.exe
2564	Unicorn-33349.exe
4488	Unicorn-10543.exe
3808	Unicorn-35810.exe
3412	Unicorn-19666.exe
384	Unicorn-52338.exe
4784	Unicorn-47085.exe
424	Unicorn-47085.exe
4344	Unicorn-35810.exe
1032	Unicorn-61954.exe
2948	Unicorn-16344.exe
4836	Unicorn-51202.exe
4840	Unicorn-31615.exe
1948	Unicorn-53890.exe
1384	Unicorn-53506.exe
4716	Unicorn-33640.exe
1928	Unicorn-584.exe
720	Unicorn-31724.exe
4168	Unicorn-28540.exe
2288	Unicorn-5649.exe
3148	Unicorn-1544.exe
1524	Unicorn-6609.exe
2020	Unicorn-5477.exe
2732	Unicorn-46210.exe
2220	Unicorn-46703.exe
4452	Unicorn-12769.exe
2184	Unicorn-12504.exe
3968	Unicorn-45442.exe
4556	Unicorn-40573.exe
1000	Unicorn-23660.exe
3268	Unicorn-9925.exe
4808	Unicorn-9925.exe
4248	Unicorn-15073.exe
1080	Unicorn-9925.exe
1052	Unicorn-29141.exe
1084	Unicorn-29526.exe
4336	Unicorn-49775.exe
2180	Unicorn-16034.exe
3216	Unicorn-27116.exe
1848	Unicorn-29909.exe
2360	Unicorn-16994.exe
3632	Unicorn-36536.exe
208	Unicorn-21077.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 3992	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	89
PID 5044 wrote to memory of 3992	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	89
PID 5044 wrote to memory of 3992	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	89
PID 3992 wrote to memory of 4724	3992	Unicorn-29413.exe	93
PID 3992 wrote to memory of 4724	3992	Unicorn-29413.exe	93
PID 3992 wrote to memory of 4724	3992	Unicorn-29413.exe	93
PID 5044 wrote to memory of 4776	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	94
PID 5044 wrote to memory of 4776	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	94
PID 5044 wrote to memory of 4776	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	94
PID 3992 wrote to memory of 3164	3992	Unicorn-29413.exe	97
PID 3992 wrote to memory of 3164	3992	Unicorn-29413.exe	97
PID 3992 wrote to memory of 3164	3992	Unicorn-29413.exe	97
PID 4724 wrote to memory of 2388	4724	Unicorn-16876.exe	98
PID 4724 wrote to memory of 2388	4724	Unicorn-16876.exe	98
PID 4724 wrote to memory of 2388	4724	Unicorn-16876.exe	98
PID 4776 wrote to memory of 1372	4776	Unicorn-59148.exe	99
PID 4776 wrote to memory of 1372	4776	Unicorn-59148.exe	99
PID 4776 wrote to memory of 1372	4776	Unicorn-59148.exe	99
PID 5044 wrote to memory of 1972	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	100
PID 5044 wrote to memory of 1972	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	100
PID 5044 wrote to memory of 1972	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	100
PID 3164 wrote to memory of 1816	3164	Unicorn-29563.exe	101
PID 3164 wrote to memory of 1816	3164	Unicorn-29563.exe	101
PID 3164 wrote to memory of 1816	3164	Unicorn-29563.exe	101
PID 3992 wrote to memory of 4040	3992	Unicorn-29413.exe	102
PID 3992 wrote to memory of 4040	3992	Unicorn-29413.exe	102
PID 3992 wrote to memory of 4040	3992	Unicorn-29413.exe	102
PID 1972 wrote to memory of 3472	1972	Unicorn-26770.exe	104
PID 1972 wrote to memory of 3472	1972	Unicorn-26770.exe	104
PID 1972 wrote to memory of 3472	1972	Unicorn-26770.exe	104
PID 1372 wrote to memory of 3640	1372	Unicorn-32901.exe	105
PID 1372 wrote to memory of 3640	1372	Unicorn-32901.exe	105
PID 1372 wrote to memory of 3640	1372	Unicorn-32901.exe	105
PID 2388 wrote to memory of 4896	2388	Unicorn-49429.exe	103
PID 2388 wrote to memory of 4896	2388	Unicorn-49429.exe	103
PID 2388 wrote to memory of 4896	2388	Unicorn-49429.exe	103
PID 4776 wrote to memory of 1468	4776	Unicorn-59148.exe	106
PID 4724 wrote to memory of 4644	4724	Unicorn-16876.exe	107
PID 4724 wrote to memory of 4644	4724	Unicorn-16876.exe	107
PID 4776 wrote to memory of 1468	4776	Unicorn-59148.exe	106
PID 4724 wrote to memory of 4644	4724	Unicorn-16876.exe	107
PID 4776 wrote to memory of 1468	4776	Unicorn-59148.exe	106
PID 5044 wrote to memory of 4852	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	108
PID 5044 wrote to memory of 4852	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	108
PID 5044 wrote to memory of 4852	5044	e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe	108
PID 1816 wrote to memory of 1420	1816	Unicorn-48866.exe	109
PID 1816 wrote to memory of 1420	1816	Unicorn-48866.exe	109
PID 1816 wrote to memory of 1420	1816	Unicorn-48866.exe	109
PID 3164 wrote to memory of 1160	3164	Unicorn-29563.exe	110
PID 3164 wrote to memory of 1160	3164	Unicorn-29563.exe	110
PID 3164 wrote to memory of 1160	3164	Unicorn-29563.exe	110
PID 4040 wrote to memory of 224	4040	Unicorn-60141.exe	111
PID 4040 wrote to memory of 224	4040	Unicorn-60141.exe	111
PID 4040 wrote to memory of 224	4040	Unicorn-60141.exe	111
PID 3992 wrote to memory of 1708	3992	Unicorn-29413.exe	112
PID 3992 wrote to memory of 1708	3992	Unicorn-29413.exe	112
PID 3992 wrote to memory of 1708	3992	Unicorn-29413.exe	112
PID 3472 wrote to memory of 4020	3472	Unicorn-350.exe	113
PID 3472 wrote to memory of 4020	3472	Unicorn-350.exe	113
PID 3472 wrote to memory of 4020	3472	Unicorn-350.exe	113
PID 1972 wrote to memory of 2648	1972	Unicorn-26770.exe	114
PID 1972 wrote to memory of 2648	1972	Unicorn-26770.exe	114
PID 1972 wrote to memory of 2648	1972	Unicorn-26770.exe	114
PID 4852 wrote to memory of 3412	4852	Unicorn-31497.exe	115

C:\Users\Admin\AppData\Local\Temp\e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe
"C:\Users\Admin\AppData\Local\Temp\e178617daba844b0ecde6fdf3f1d1b0cf7b3907f421a72d0fe1cb6ac048135bd.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19423.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        9⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        10⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57261.exe
        10⤵
        
        PID:16396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
        10⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        9⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        9⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        9⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
        9⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
        9⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        9⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        9⤵
        
        PID:17460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        8⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        8⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
        9⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        9⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        9⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        8⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36640.exe
        8⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        8⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe
        8⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        8⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        7⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29141.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
        9⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        9⤵
        
        PID:16672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52003.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
        8⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
        8⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40888.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        8⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        8⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        7⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        7⤵
        
        PID:16664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        8⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        8⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        7⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        7⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        7⤵
        
        PID:17440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        7⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        7⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        6⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        6⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
        8⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        10⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        10⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        10⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        9⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        9⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        9⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        9⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        8⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
        8⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        8⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        8⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        8⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
        7⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56341.exe
        7⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
        8⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        7⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        7⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
        7⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
        6⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        6⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        8⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59734.exe
        8⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10882.exe
        8⤵
        
        PID:17624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        7⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        7⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        7⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
        7⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        6⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        7⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
        7⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        6⤵
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        5⤵
        
        PID:15620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
        6⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        8⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22136.exe
        8⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        7⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        7⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        7⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        6⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        5⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        7⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        7⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64249.exe
        6⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        6⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        5⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
        5⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
        5⤵
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
        5⤵
        Executes dropped EXE
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-625.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        8⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        7⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        6⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        5⤵
        
        PID:6464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 488
        6⤵
        Program crash
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        5⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        5⤵
        
        PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12504.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56047.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        7⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
        7⤵
        
        PID:18056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
        6⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49257.exe
        6⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        6⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
        5⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
        6⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        6⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        5⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
        6⤵
        
        PID:13936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26530.exe
        6⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        5⤵
        
        PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46248.exe
      4⤵
      PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        5⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
      4⤵
      PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5159.exe
      4⤵
      PID:13400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16034.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        10⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29435.exe
        10⤵
        
        PID:17724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
        9⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        9⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        9⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
        8⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        9⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44265.exe
        9⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        9⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
        9⤵
        
        PID:18024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        8⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        8⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        8⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54230.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        7⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        7⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        8⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        9⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
        9⤵
        
        PID:18168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        8⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        8⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        7⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        7⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        7⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        7⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        8⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        8⤵
        
        PID:18140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        7⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47360.exe
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
        6⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21618.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        8⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        9⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        9⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        8⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        8⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        8⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52003.exe
        8⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50285.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63865.exe
        7⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        7⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        7⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        7⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        7⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        7⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        6⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        6⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        7⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        6⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        6⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59922.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
        6⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        6⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8257.exe
        5⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        5⤵
        
        PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        8⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        8⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        8⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        8⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
        7⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
        7⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        6⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        6⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        6⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5777.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        7⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        7⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43648.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        6⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62112.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        6⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        6⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24610.exe
        6⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        5⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        5⤵
        
        PID:18224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        5⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-625.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        7⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        7⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        6⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64137.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
        6⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
        6⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        6⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14095.exe
        5⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36898.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
        6⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        6⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
        5⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55970.exe
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        6⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49228.exe
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33032.exe
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
        5⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
      4⤵
      PID:6548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 716
        5⤵
        Program crash
        
        PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63974.exe
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        5⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        5⤵
        
        PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
      4⤵
      PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
      4⤵
      PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
      4⤵
      PID:16164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
      4⤵
      PID:17956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        6⤵
        Executes dropped EXE
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        9⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        9⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        9⤵
        
        PID:18084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        8⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
        7⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        6⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        7⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        7⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12943.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        8⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe
        8⤵
        
        PID:16424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        8⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        7⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62550.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        6⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        6⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24297.exe
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        5⤵
        
        PID:17304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55279.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
        7⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        7⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        7⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
        6⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        6⤵
        
        PID:17504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        6⤵
        
        PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
        5⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        5⤵
        
        PID:17488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64402.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        6⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
      4⤵
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10748.exe
      4⤵
      PID:9592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
      4⤵
      PID:13692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19450.exe
      4⤵
      PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40175.exe
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64402.exe
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21960.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        7⤵
        
        PID:18100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        7⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        7⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        7⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        6⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        6⤵
        
        PID:17732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26197.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        5⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28067.exe
        5⤵
        
        PID:17852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22997.exe
      4⤵
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56047.exe
        5⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        6⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        6⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        5⤵
        
        PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        5⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        5⤵
        
        PID:16204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
      4⤵
      PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
      4⤵
      PID:18304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35432.exe
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        7⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
        6⤵
        
        PID:11340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        6⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
        5⤵
        
        PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        5⤵
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        5⤵
        
        PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
      4⤵
      PID:9500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
      4⤵
      PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
      4⤵
      PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
    3⤵
    PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        5⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        5⤵
        
        PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
      4⤵
      PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
      4⤵
      PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
      4⤵
      PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
      4⤵
      PID:6192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe
    3⤵
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
      4⤵
      PID:11556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57261.exe
      4⤵
      PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
      4⤵
      PID:7036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
    3⤵
    PID:9528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
    3⤵
    PID:13628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
    3⤵
    PID:17552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42114.exe
        8⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        9⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        9⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
        8⤵
        
        PID:16188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16188 -s 460
        9⤵
        Program crash
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        8⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        7⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47485.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        7⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
        7⤵
        
        PID:17608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10200.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        6⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        6⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
        8⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        8⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        8⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
        8⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        7⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61440.exe
        7⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        7⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        6⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        7⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        7⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        6⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        6⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30825.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
        5⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        5⤵
        
        PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        7⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        6⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        6⤵
        
        PID:15684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        6⤵
        
        PID:18240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        6⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        5⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14632.exe
        5⤵
        
        PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
      4⤵
      PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14945.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
        6⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        5⤵
        
        PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        5⤵
        
        PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
      4⤵
      PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24519.exe
      4⤵
      PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
      4⤵
      PID:5312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45442.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21618.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
        8⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        8⤵
        
        PID:18264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        7⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        7⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        6⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        6⤵
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3784.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
        6⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        5⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        5⤵
        
        PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        7⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21516.exe
        7⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        7⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        6⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        5⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        6⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        6⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
        5⤵
        
        PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13676.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        6⤵
        
        PID:16724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        6⤵
        
        PID:17832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        5⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        5⤵
        
        PID:17324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        5⤵
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
      4⤵
      PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        5⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        5⤵
        
        PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
      4⤵
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
      4⤵
      PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
      4⤵
      PID:17512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        7⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19346.exe
        7⤵
        
        PID:18124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        6⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        6⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        6⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
        6⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        5⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
        5⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        5⤵
        
        PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
        6⤵
        
        PID:16412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35017.exe
        5⤵
        
        PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        5⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        5⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        5⤵
        
        PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
      4⤵
      PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
      4⤵
      PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
      4⤵
      PID:116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        6⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8517.exe
      4⤵
      PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
        5⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37264.exe
      4⤵
      PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        5⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        5⤵
        
        PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
      4⤵
      PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
      4⤵
      PID:1984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
    3⤵
    PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
      4⤵
      PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
      4⤵
      PID:16628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
    3⤵
    PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
      4⤵
      PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
      4⤵
      PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
      4⤵
      PID:18004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11278.exe
    3⤵
    PID:9504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
    3⤵
    PID:13720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
    3⤵
    PID:5252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5649.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        9⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        9⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        9⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        8⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        8⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        7⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        7⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
        7⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14945.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        7⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        7⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
        7⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
        7⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        7⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        7⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        6⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
        6⤵
        
        PID:17996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        5⤵
        
        PID:6556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 492
        6⤵
        Program crash
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10200.exe
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        5⤵
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        5⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        8⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        8⤵
        
        PID:18400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        7⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        7⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        6⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        7⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        7⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28639.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        5⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        6⤵
        
        PID:18108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        5⤵
        
        PID:17220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
      4⤵
      PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
        6⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        5⤵
        
        PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        5⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10748.exe
      4⤵
      PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        5⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        5⤵
        
        PID:17420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
      4⤵
      PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
      4⤵
      PID:16280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        6⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27695.exe
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        5⤵
        
        PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        5⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
        6⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        5⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        5⤵
        
        PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
      4⤵
      PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
      4⤵
      PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
      4⤵
      PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
      4⤵
      PID:15976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        5⤵
        
        PID:11176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 472
        6⤵
        Program crash
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        5⤵
        
        PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
      4⤵
      PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
      4⤵
      PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
      4⤵
      PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
      4⤵
      PID:3532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
    3⤵
    PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27247.exe
      4⤵
      PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
      4⤵
      PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
      4⤵
      PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
      4⤵
      PID:1548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
    3⤵
    PID:8348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8360.exe
    3⤵
    PID:12064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
    3⤵
    PID:16140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
    3⤵
    PID:16532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        5⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        6⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        5⤵
        
        PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
      4⤵
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27858.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
      4⤵
      PID:1684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24303.exe
        6⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        6⤵
        
        PID:17648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        5⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        5⤵
        
        PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
        5⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
        5⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        5⤵
        
        PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
      4⤵
      PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
      4⤵
      PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
      4⤵
      PID:6904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
    3⤵
    PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
      4⤵
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        5⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        5⤵
        
        PID:16668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
      4⤵
      PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
      4⤵
      PID:17900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
    3⤵
    PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59378.exe
      4⤵
      PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
      4⤵
      PID:15792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
      4⤵
      PID:6608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
    3⤵
    PID:9380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
    3⤵
    PID:14588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10906.exe
    3⤵
    PID:6736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38786.exe
        6⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        6⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        6⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48457.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10431.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
        5⤵
        
        PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
      4⤵
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        5⤵
        
        PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
      4⤵
      PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
      4⤵
      PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
      4⤵
      PID:15636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25685.exe
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31839.exe
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        5⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        5⤵
        
        PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
      4⤵
      PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
      4⤵
      PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
      4⤵
      PID:6244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
    3⤵
    PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
      4⤵
      PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
      4⤵
      PID:15240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
    3⤵
    PID:9568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
    3⤵
    PID:13728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
    3⤵
    PID:17060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11233.exe
    3⤵
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
      4⤵
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        5⤵
        
        PID:504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        5⤵
        
        PID:16804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
      4⤵
      PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22524.exe
      4⤵
      PID:12916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
      4⤵
      PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
      4⤵
      PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
      4⤵
      PID:17780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
    3⤵
    PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
      4⤵
      PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
      4⤵
      PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
    3⤵
    PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
      4⤵
      PID:16320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
      4⤵
      PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
    3⤵
    PID:13708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
  2⤵
  PID:5592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
    3⤵
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
      4⤵
      PID:6016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
    3⤵
    PID:7248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
    3⤵
    PID:13596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
  2⤵
  PID:7160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
    3⤵
    PID:11124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
    3⤵
    PID:15140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
    3⤵
    PID:1556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
  2⤵
  PID:9676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
  2⤵
  PID:13684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
  2⤵
  PID:16336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6556 -ip 6556
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6464 -ip 6464
1⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6548 -ip 6548
1⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 11176 -ip 11176
1⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 16188 -ip 16188
1⤵
PID:16076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 16188 -ip 16188
1⤵
PID:17168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe

Filesize
468KB

MD5
482447a2029d8552a01bb1932fcd1707

SHA1
5eb924eeb300a0bf46f3409aee81fefaacba62db

SHA256
f4e3f0b70d68ea42fa3980e4be46e670ca36ba7b35264e27da6977d855db96ff

SHA512
00bec0f1daa9176585e780c35c08b6edecfe3b5af43ed00ee8a8257d5893e2333324689acf1db55fbe08666def427118c185308bcc527113b6faa7eebbc512f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe

Filesize
468KB

MD5
5a04a54d4b05ec670bf3acd9025f749c

SHA1
40ab0f4c95de936271fdd331b64bce9f8db760c9

SHA256
a9c92dd8d3ace1528484c6b0cbcd5feed4d5302e04645516e6b8b08d8211e000

SHA512
c2e9376d6d5dc2bbd1541ad1e11057d01c2227f82baa63ab9694d8d975d13f7d9143a706519b5abaec1cc3f38a3a89cc2d8eafbe46b9a309aa4facfb4e295612

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe

Filesize
468KB

MD5
677e99b8935779eb7ed811e7fe541551

SHA1
c3fb22e8624e7232d1bbae3ca0fb0026bbabf3e3

SHA256
263fc57f26aed95f303e7c93b11f20d078048325667204c28bbefa4d21420ac1

SHA512
8a2c58cffbb9731f6ae27fe0cd7c50a42599c78ba02cb05d9b7df2b27647b47901c92d2cdfff79fb3a79eda9e696ce7c0f6e6bcccc2bc76831739a6e8edc22d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe

Filesize
468KB

MD5
4371f55f1c928ce034a4c9196751c04a

SHA1
6d9dc998a7e9daff692a885ef5f14aa346c00586

SHA256
93517b038de99d338e4a629baa4a5d5415c374199972c2c2fd8c6cb87d4a814c

SHA512
375e104fcba79c111b60c25064d313f319ba83b2a41d1ac3f1928e6564ac9e878b410e410b4f8fea180b688dfdeab801bf17c21dd67f30a8dd89ee5b1aa1d6d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe

Filesize
468KB

MD5
de960d8a993b63ee12af6bb564cba450

SHA1
de05ae7b2e9fd1ec3f9e785e675b5b1a8b68ea68

SHA256
ba1cb8f12c9ba1df49453836aa6ab783c89c610131304bdfe7979e2915fe0fd5

SHA512
282739a92ab2169e4f483c25089f0ec3f34c45ab65552baf2f24f3c2f7533ed5a1e150286d106d0730ba56202024a15f92dbec4a2ad8d59ae1162ccf09e9c631

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe

Filesize
468KB

MD5
ce1259fd2ffe00ac90a53ba5f07c7ffb

SHA1
e7e72a9628e0b9aa400159866792c9d66b9f5679

SHA256
aa0f597ec562619916275946579285472e2cb03ccfc697948b11428da7af1cdd

SHA512
9e22446f258762affe11276b983d3796fc54a7b2cfb5818315df7a5a75f19191d8fc1e588025907fc6a03a2776f5711208dfc27aa56199b8720f67d921d52674

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe

Filesize
468KB

MD5
dc4be800cd5ccf8a0a265f7e070755c5

SHA1
c2dc61201b4212c5a02e1d8af0b38ff7317f2921

SHA256
db3a7ee5e887381bb41bf634da5094f518a029a0f62f51eec4da19bf538ff380

SHA512
ee2e4976170492ccff895fbe51144c82421ba6ccfb750f6a6c9a18d0067305025f2ef86ad2641504cc50dfd8f428483f3e51550e5027cb32992e820e07e4026c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe

Filesize
468KB

MD5
da19a0be9ad493f1234ee29b4c5cee73

SHA1
bafe0a3deb50ee0af58f3a4f21ee7f0d1e2c3057

SHA256
e5c0a84809cc16a23b7c0026b97e909597385c6a74b02368a0111d8e98f4c9c3

SHA512
3b64527bbf8a4aef3a73ebaaf66079e6161672c4ee3e517f5a8bec5a2e4a0f3003c70bdb7da287c5fa73a0cd75cb78f5e7ec8620089fbd834c2e3197092062b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe

Filesize
468KB

MD5
6b7d31a57a8d0e04cf3509f889f14634

SHA1
7fc5f7865df2b07fa16892cbc07cf32904629135

SHA256
191dd71400a5488aabeeb9290fcfa5b39be4a5e2cceb1a856215976ddecf2ee8

SHA512
a5cdef6d1bcf6f54c6f8ffb6b796be2e02c1e51518c998aaaaede3f9eadbd5c3af050b03dbdc54c195d70cd7742427b3d1574b934c46d6cd0b2c94e183de8687

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe

Filesize
468KB

MD5
431feb8163bf4dc6c2bff1d59c77ee6e

SHA1
0f5ef848331bf70989a8fce001aec4907d9877f6

SHA256
95d385785d8bcb7f372f5c0c6becf442837532ea81e389d88c635d730016e221

SHA512
b82ea0bafebc1833a8f2a7b8f9ab47ec45cd4324e97b424080f1b6d4892a9331b27b38bae1349d64fef11bc43cadeb1db50a8826bca0f77ac9ff18f8de39da95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe

Filesize
468KB

MD5
651c58876f71d05ecbc9efb91477b88c

SHA1
e0bcc968ef6826df2f1aa47aa658f730062d0702

SHA256
c721fe8021875b662ee3d9ef13f7495d45b79c5ec3bad9d22b5944fc68efc1b1

SHA512
a05cb3824e78975e04e033c176e7b9eccbaa9616945e1689a408b4d91d5e127c1e4a850aca340690d529857ab46c8f14b79ac445c54ab9146e6bfe502eda93b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe

Filesize
468KB

MD5
59c9d50585fcdb8cb56776d1ac2bf1da

SHA1
ee4a80696abdefc8b8400bab45a399819bc45ecd

SHA256
5acfa697ef79cc3004f9361cc4cb687d7fc6af3e8563707a229788e04b3f5f21

SHA512
e3000ee8b25f0f768695d40d0e680510da7c34ecc57ff548d61b8710b991dbd36f4fece3a8625f5d399212c3855eb31964b1203f85c7c3cdadbbbf2c7543666f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe

Filesize
468KB

MD5
6abede509cecb0fddeef9399ee9c9c80

SHA1
89b0740f25f7cb13d059c31269b4706d43646735

SHA256
974b62bbf133b90bbf41bb4b5b8e8ff8f14e7910ed7d7457273a482fc0faaa9c

SHA512
16c634bfb24208a680c6c9bb1fb3384c35470ff995376e7b875bb1415f34d539d88a94c0f10d350c9de231736cc1b69be0247c323d1cfe69706a915d5684d7e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe

Filesize
468KB

MD5
47189207a1ca47579c801e63528154f0

SHA1
7df734facb0e99014620ab6dce5b412d523ed762

SHA256
c60159a86359fa322d9dbc638458b61403beaa1d1c8579a3dd2926797a0852d8

SHA512
63cbfd752ecf96003aeef2d4954e55c17efaaacf1a29a3dca70c816237d69b6c992b7de61be484acd9e3d7b1f261272868a7f4616a05c5a18f107dfb55e0bdfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe

Filesize
468KB

MD5
d6838986663c3205221a9fb2567527b3

SHA1
ceb23389a690a952ce87f39789bfc67383c5732e

SHA256
68d7bd88578be8c7bb83c6a6ee341908607a792e84a44f5cfea940473f24ceb2

SHA512
e0f5e58de5742ee068a535606071c8415b355b15ddef4a444d39012eaa0baef8822494feae0314be080cdc3c46c797c6d1e6f10f53c4a783248d2943f5e79bcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe

Filesize
468KB

MD5
04ce3214f1400ea8e97f918b20869a3d

SHA1
bf661fa4622b1ddf67e1f0a2d51177f857f5d07f

SHA256
598f54db1ebceef3edc425b2a559aece13a32c13ba04c55acf10544dea3c444d

SHA512
4e529b036040b0502ee451e2bce4b56fba44fbdedeaaae56774cbaf08d5771215f1997524187c4cb3e2d8ecfea0499266f8f6a30efa7006c16623fa29a459b95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe

Filesize
468KB

MD5
4c65e5ad97745670225c515dabbe295a

SHA1
f95f30c1d101b43fb2bb88616450036502ae04f5

SHA256
eda195b897af64d2b1202a278b3cae3c591792bb16656f71cdf5952325b3e5b0

SHA512
3933fd6ade0d6804322046a40bbf828c3605294db913d9747e0dc1096ae8e4fa882f64fc984a1537b8df0e0df6ea237608b720a523d69c0f51a0148281da8a26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe

Filesize
468KB

MD5
55321730201fad3aa787324ed67c2ccf

SHA1
ea684fd6c3f73ae2b5ab36f1d17b382b62d727da

SHA256
8e9acb38466459c51e1fbfa5551d02b417a4ed84cabee7ee16717732289b9600

SHA512
7b887e10069d597d53b17d60dd9bd6d8124b359cfa04c89e05144d8c369d3e9d1263004f413ac84bf9bd3a69e1b1737871f0513bf0cc482eeaacbe9c30e07efa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe

Filesize
468KB

MD5
d213a6839630a27c59bc9765e77e6816

SHA1
277d2fdf0a614f28896b7525994402c23a3d2da6

SHA256
ebbbb70b598a1d53dc073d817b4cb61fc40b284c5cbb0ddf8ee0c558b34c494e

SHA512
dd5d2f4afa8d265b911199d87f923f69ff37360cc7b54852d9de079509eea95f6cd33f7b7751b106dee6c1a24665f444b81ec0d2f5103d7f7f4d4e60e7c20ac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe

Filesize
468KB

MD5
b918df26f7ff8707d048ee09a51051ef

SHA1
ac0cc3e8213028755702efbbd04bf401fb32d26c

SHA256
a5bd1e271c18e21496463970bd2d907218fdc00c13c81f777b28c00e7865b060

SHA512
d0541c3ac38b8945d588a0dfafe0c7a5dada2feb530769ebfd46864bee1ba82e1a263bf457de3d5203e6c74d263dba6f18b50af95e28a944f098353f0e78a1e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe

Filesize
468KB

MD5
26cff5a49ae43ea16f6b979173894167

SHA1
983511b81d22f758f096ac4e503a0ab45b020ec2

SHA256
800bc487af1e47176844b5449c25139ff0574e446f835e82cd1f16731cc5964e

SHA512
0e28b73a48f5d67caa8e3f78ca99dcbcd81d6f8a70ce248aea9d4a4887a60ac15339ace64aa122c75cce99dce0056bf8a0fc0ffe681242349d57e174f938ffcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe

Filesize
468KB

MD5
0d49009325942493dc1cdbb8b81fc5e2

SHA1
c071eb57f55a7c01b9e9aded98b74c5f66b74e08

SHA256
955abb5a7a04adb234e0952483d4d953538ff16785b4e68a8bd3c800fea8776b

SHA512
82e2ab3fa66c0c071bfe5d5d166231940c4823f50a9bfa1990bb138eb574cd04765e2d279ce844c97754d9ce7ff725f7a1ec058dc5718c741565ead95878fa2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe

Filesize
468KB

MD5
5f65dcbb755f65d64a3481a036c5e9d3

SHA1
feeb6a01417827cb85a45e2a6e0f650499c30127

SHA256
c343d6ef64051fae112882d36156a68db736ab62fd3ca9e81e838b28b82ffde8

SHA512
191f1b25cb7c514ffe97fa50e3d5e804a0ed344e539df2b1759df5a650722fca7cd3507012aceb673892cf31199dcef4109abed03d476731f488c7b78aa60d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe

Filesize
468KB

MD5
b160eb6b3cc57716213e42353f61401f

SHA1
ab26ff95654558f9e8fd1d09fe220f5351996720

SHA256
36ee398e5b16f62ec66d9818f373695f360e2854ec433d0c7d97832e68be40ff

SHA512
07b7e3bc0f7a6f0ecc3518c3fe520804c3fb45f31ff0b1687e79a90d389f532065601abaa4cc3376676e5ad626f7d5df636efe3ef4fc72bbcfdb180959e69a8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe

Filesize
468KB

MD5
e872f01172c7ccb7ed06ab6c7d22ebfa

SHA1
6b342cbb44c281eed70d61e88930562e6a72ae3c

SHA256
4a405219a5f94ed6f46d62245b4a6dc4ded4eaff355d272cd3ac3edf771cfe57

SHA512
fcc876ab11877a0cf1509a42ac03b3c823a019d4fa98587aeb3927d19877cdee658626c1ee2e3ac7eb6a07c186f87b5b4e57170d5a42b40193b28784ae9395f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe

Filesize
468KB

MD5
5347edfc7a88878aafc5db4290016a3b

SHA1
90d159ed08182d80224e5a1a0a70544a08fad298

SHA256
9ca60995079fc78c647896cb16260b85b26f2e6547b36dafe46b4920fded2c16

SHA512
31da7bd59d586fa5abe19f73b56c37bd811d281a5eab5b0c2e0f0ff5f6c9faab3006239370fb96e4e328dd96b8a36907c13f0928ad20ffce7f3dad0d80b47c16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe

Filesize
468KB

MD5
2148769c597af49dc22a3ab1c7e44d2d

SHA1
7846303a28da33ac4849bf4f5d8e160d5185e7a5

SHA256
ad327b405f60d41c5877514085ea6a4b4807591ea110c79afcef4b48ae9bb9a4

SHA512
77e0ad6a9e6b98b92bb64255077a2ec4bf48deb271d8a98fba1daed356c92334c3496436616a3a306e98ed6a5780eed7110f368ab57b9c2f31fed39fc9983ec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe

Filesize
468KB

MD5
8f64dcaf1f731ea02ff778eb1c6d7736

SHA1
580c08ae9dacd3faf185db12120bc33509e6a791

SHA256
f5d5dd11c8a060a17623536213b292c0ba628233916a51a24324be435beff8f1

SHA512
331d5ebbf70bb8e247fdd50ae65c8e81c219cbc59b6171f25d514166aec00aac9153797e913404e9e459c4438f89e39c514ca2debc446f78a8c6c3664058dca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe

Filesize
468KB

MD5
8df1da3b662c992c6dec6c31d54338de

SHA1
c74a8514da2a17fef3165f8ee2ffe8194242226f

SHA256
d17429017805d5eb45abeecccdb1a0a0e961b0787dc16fd1393e90bcad5050ab

SHA512
98d639e97bb3aaf9de983fd3518a6b590f011ad1fbfa5541a68f688f0a989cb965466623faff9b9daca670e0f565f35f9c9f2316f7f20d0db36ca198c55e63bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe

Filesize
468KB

MD5
d4b8dd7d5c0b967ab9cfe1f3ea154e0a

SHA1
c4c48383342d3fe0265d568028eb320974075d7f

SHA256
eb2e381dafeb6ff128dc5cc9f925ebb6dec9a4d695097b0b347df754e737d84b

SHA512
e5394e401184e9b0d07c8d2821db4ac81a62cbfe6e060e7f08f023b484edfe8966c81edce8ab99923ce466afd6c7715aa7c924eb848b93e6d78642bb626c671e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe

Filesize
468KB

MD5
31bc8a3be96703f37cb1e8cc515c4815

SHA1
966c40243460a00aeb97065446a2fae04cbfa532

SHA256
af1bc7e03703c2f67139ab545dc77b4cb96a9bf4b4070f845d27f43f11b95d15

SHA512
59d09c52c0ab95784bb1da759c635aff229b54cb8316f34e01af642cb3cc964141a3bfb7aec4c0530af08a426fdee5ac7fabd91246a7fd49aa2b1934721e0a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe

Filesize
468KB

MD5
96390dd9b27b11fff0038feb3c53f61e

SHA1
e2df30f8c75ae44c5301f9ba32ee8544a262484c

SHA256
69d0f1030f9e1982edc77a96c440d6c7bc64163e9ca3c26a455209d628fb8524

SHA512
8eb7b7978da095b9f10559f9c667694b4e2fdc699dba647f481fcd23bab00d42a39e02540fee0da33db47662892243b128d03d2e6dfedd585a8f855fae6fd562

Download Submit
memory/4896-3501-0x00007FFE83050000-0x00007FFE83245000-memory.dmp

Filesize
2.0MB

Download
memory/4960-2783-0x00007FFE83050000-0x00007FFE83245000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads