9e18876bdead65a191c18c328af999584b72bdf1a7d10c801ffe9995f688a03c

Analysis

max time kernel
119s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

833c596dbb09327e2145810c16a45960N.exe
Size

468KB
MD5

833c596dbb09327e2145810c16a45960
SHA1

c9274ef9d198a191a778b224580f2d53ac124a76
SHA256

9e18876bdead65a191c18c328af999584b72bdf1a7d10c801ffe9995f688a03c
SHA512

6d67c4f36fd98a822dba8c9d55f1c22af9d176fa42434d1005c67f2c63248f3ed932856b688728896e97f3029ea9516405c5f7acd8aceadf3605ef0e6fc51ed1
SSDEEP

3072:t1opowLejy8U6bYOfz5j7f57tgjYYrFBmHegVp+7p8nCJKNHUlY:t12ojLU6Bf1j7fJC5z7pCKKNH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4536	Unicorn-6672.exe
1656	Unicorn-24073.exe
3392	Unicorn-45048.exe
1936	Unicorn-34649.exe
2264	Unicorn-11990.exe
1512	Unicorn-63792.exe
1584	Unicorn-44965.exe
4580	Unicorn-1907.exe
2644	Unicorn-15136.exe
3328	Unicorn-52557.exe
4448	Unicorn-13719.exe
3228	Unicorn-13984.exe
1156	Unicorn-64633.exe
1712	Unicorn-58420.exe
3000	Unicorn-40238.exe
2524	Unicorn-57544.exe
960	Unicorn-1317.exe
2692	Unicorn-22292.exe
740	Unicorn-8416.exe
2532	Unicorn-8416.exe
3340	Unicorn-46496.exe
452	Unicorn-57431.exe
700	Unicorn-60231.exe
4276	Unicorn-824.exe
3800	Unicorn-56870.exe
3332	Unicorn-3263.exe
4892	Unicorn-6911.exe
992	Unicorn-7176.exe
4736	Unicorn-1120.exe
2028	Unicorn-46216.exe
3152	Unicorn-34094.exe
4616	Unicorn-26969.exe
2836	Unicorn-7103.exe
1696	Unicorn-32183.exe
4976	Unicorn-11016.exe
3540	Unicorn-10824.exe
2228	Unicorn-56496.exe
4384	Unicorn-51095.exe
2316	Unicorn-50897.exe
636	Unicorn-50897.exe
1768	Unicorn-3734.exe
3620	Unicorn-47368.exe
2056	Unicorn-26201.exe
464	Unicorn-9672.exe
4228	Unicorn-35246.exe
1240	Unicorn-58608.exe
2016	Unicorn-33407.exe
736	Unicorn-54388.exe
3936	Unicorn-42833.exe
3248	Unicorn-47472.exe
1236	Unicorn-51001.exe
3500	Unicorn-51878.exe
5032	Unicorn-18137.exe
4076	Unicorn-37580.exe
1356	Unicorn-18251.exe
3020	Unicorn-7316.exe
4968	Unicorn-41489.exe
4428	Unicorn-46128.exe
1148	Unicorn-43793.exe
1464	Unicorn-2760.exe
3008	Unicorn-47476.exe
1396	Unicorn-33740.exe
4204	Unicorn-43217.exe
3572	Unicorn-8276.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
4464	7380	WerFault.exe	302
5452	8832	WerFault.exe	383
15660	8204	WerFault.exe	363
15804	8624	WerFault.exe	375

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56152.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7708	dwm.exe
Token: SeChangeNotifyPrivilege	7708	dwm.exe
Token: 33	7708	dwm.exe
Token: SeIncBasePriorityPrivilege	7708	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2608	833c596dbb09327e2145810c16a45960N.exe
4536	Unicorn-6672.exe
1656	Unicorn-24073.exe
3392	Unicorn-45048.exe
1936	Unicorn-34649.exe
2264	Unicorn-11990.exe
1584	Unicorn-44965.exe
4580	Unicorn-1907.exe
2644	Unicorn-15136.exe
3328	Unicorn-52557.exe
4448	Unicorn-13719.exe
3228	Unicorn-13984.exe
1156	Unicorn-64633.exe
1712	Unicorn-58420.exe
3000	Unicorn-40238.exe
2524	Unicorn-57544.exe
960	Unicorn-1317.exe
2532	Unicorn-8416.exe
740	Unicorn-8416.exe
2692	Unicorn-22292.exe
700	Unicorn-60231.exe
452	Unicorn-57431.exe
4276	Unicorn-824.exe
3340	Unicorn-46496.exe
3800	Unicorn-56870.exe
3332	Unicorn-3263.exe
992	Unicorn-7176.exe
4892	Unicorn-6911.exe
4736	Unicorn-1120.exe
2028	Unicorn-46216.exe
3152	Unicorn-34094.exe
4616	Unicorn-26969.exe
2836	Unicorn-7103.exe
1696	Unicorn-32183.exe
4976	Unicorn-11016.exe
2228	Unicorn-56496.exe
3540	Unicorn-10824.exe
4384	Unicorn-51095.exe
2316	Unicorn-50897.exe
1240	Unicorn-58608.exe
1768	Unicorn-3734.exe
464	Unicorn-9672.exe
2016	Unicorn-33407.exe
636	Unicorn-50897.exe
2056	Unicorn-26201.exe
3620	Unicorn-47368.exe
4228	Unicorn-35246.exe
736	Unicorn-54388.exe
3936	Unicorn-42833.exe
3500	Unicorn-51878.exe
1236	Unicorn-51001.exe
5032	Unicorn-18137.exe
3248	Unicorn-47472.exe
4968	Unicorn-41489.exe
4076	Unicorn-37580.exe
1356	Unicorn-18251.exe
4428	Unicorn-46128.exe
3020	Unicorn-7316.exe
1148	Unicorn-43793.exe
3008	Unicorn-47476.exe
1396	Unicorn-33740.exe
4204	Unicorn-43217.exe
1464	Unicorn-2760.exe
3948	Unicorn-2376.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 4536	2608	833c596dbb09327e2145810c16a45960N.exe	90
PID 2608 wrote to memory of 4536	2608	833c596dbb09327e2145810c16a45960N.exe	90
PID 2608 wrote to memory of 4536	2608	833c596dbb09327e2145810c16a45960N.exe	90
PID 4536 wrote to memory of 1656	4536	Unicorn-6672.exe	92
PID 4536 wrote to memory of 1656	4536	Unicorn-6672.exe	92
PID 4536 wrote to memory of 1656	4536	Unicorn-6672.exe	92
PID 2608 wrote to memory of 3392	2608	833c596dbb09327e2145810c16a45960N.exe	93
PID 2608 wrote to memory of 3392	2608	833c596dbb09327e2145810c16a45960N.exe	93
PID 2608 wrote to memory of 3392	2608	833c596dbb09327e2145810c16a45960N.exe	93
PID 3392 wrote to memory of 1936	3392	Unicorn-45048.exe	96
PID 3392 wrote to memory of 1936	3392	Unicorn-45048.exe	96
PID 3392 wrote to memory of 1936	3392	Unicorn-45048.exe	96
PID 2608 wrote to memory of 2264	2608	833c596dbb09327e2145810c16a45960N.exe	97
PID 2608 wrote to memory of 2264	2608	833c596dbb09327e2145810c16a45960N.exe	97
PID 2608 wrote to memory of 2264	2608	833c596dbb09327e2145810c16a45960N.exe	97
PID 4536 wrote to memory of 1512	4536	Unicorn-6672.exe	98
PID 4536 wrote to memory of 1512	4536	Unicorn-6672.exe	98
PID 4536 wrote to memory of 1512	4536	Unicorn-6672.exe	98
PID 1656 wrote to memory of 1584	1656	Unicorn-24073.exe	99
PID 1656 wrote to memory of 1584	1656	Unicorn-24073.exe	99
PID 1656 wrote to memory of 1584	1656	Unicorn-24073.exe	99
PID 4536 wrote to memory of 4580	4536	Unicorn-6672.exe	100
PID 4536 wrote to memory of 4580	4536	Unicorn-6672.exe	100
PID 4536 wrote to memory of 4580	4536	Unicorn-6672.exe	100
PID 1936 wrote to memory of 2644	1936	Unicorn-34649.exe	101
PID 1936 wrote to memory of 2644	1936	Unicorn-34649.exe	101
PID 1936 wrote to memory of 2644	1936	Unicorn-34649.exe	101
PID 3392 wrote to memory of 3328	3392	Unicorn-45048.exe	102
PID 3392 wrote to memory of 3328	3392	Unicorn-45048.exe	102
PID 3392 wrote to memory of 3328	3392	Unicorn-45048.exe	102
PID 2608 wrote to memory of 4448	2608	833c596dbb09327e2145810c16a45960N.exe	103
PID 2608 wrote to memory of 4448	2608	833c596dbb09327e2145810c16a45960N.exe	103
PID 2608 wrote to memory of 4448	2608	833c596dbb09327e2145810c16a45960N.exe	103
PID 2264 wrote to memory of 3228	2264	Unicorn-11990.exe	104
PID 2264 wrote to memory of 3228	2264	Unicorn-11990.exe	104
PID 2264 wrote to memory of 3228	2264	Unicorn-11990.exe	104
PID 1584 wrote to memory of 1156	1584	Unicorn-44965.exe	105
PID 1584 wrote to memory of 1156	1584	Unicorn-44965.exe	105
PID 1584 wrote to memory of 1156	1584	Unicorn-44965.exe	105
PID 1656 wrote to memory of 1712	1656	Unicorn-24073.exe	106
PID 1656 wrote to memory of 1712	1656	Unicorn-24073.exe	106
PID 1656 wrote to memory of 1712	1656	Unicorn-24073.exe	106
PID 4580 wrote to memory of 3000	4580	Unicorn-1907.exe	107
PID 4580 wrote to memory of 3000	4580	Unicorn-1907.exe	107
PID 4580 wrote to memory of 3000	4580	Unicorn-1907.exe	107
PID 4536 wrote to memory of 2524	4536	Unicorn-6672.exe	108
PID 4536 wrote to memory of 2524	4536	Unicorn-6672.exe	108
PID 4536 wrote to memory of 2524	4536	Unicorn-6672.exe	108
PID 2644 wrote to memory of 960	2644	Unicorn-15136.exe	109
PID 2644 wrote to memory of 960	2644	Unicorn-15136.exe	109
PID 2644 wrote to memory of 960	2644	Unicorn-15136.exe	109
PID 1936 wrote to memory of 2692	1936	Unicorn-34649.exe	110
PID 1936 wrote to memory of 2692	1936	Unicorn-34649.exe	110
PID 1936 wrote to memory of 2692	1936	Unicorn-34649.exe	110
PID 3228 wrote to memory of 740	3228	Unicorn-13984.exe	111
PID 3328 wrote to memory of 2532	3328	Unicorn-52557.exe	112
PID 3228 wrote to memory of 740	3228	Unicorn-13984.exe	111
PID 3228 wrote to memory of 740	3228	Unicorn-13984.exe	111
PID 3328 wrote to memory of 2532	3328	Unicorn-52557.exe	112
PID 3328 wrote to memory of 2532	3328	Unicorn-52557.exe	112
PID 2264 wrote to memory of 3340	2264	Unicorn-11990.exe	113
PID 2264 wrote to memory of 3340	2264	Unicorn-11990.exe	113
PID 2264 wrote to memory of 3340	2264	Unicorn-11990.exe	113
PID 2608 wrote to memory of 452	2608	833c596dbb09327e2145810c16a45960N.exe	114

C:\Users\Admin\AppData\Local\Temp\833c596dbb09327e2145810c16a45960N.exe
"C:\Users\Admin\AppData\Local\Temp\833c596dbb09327e2145810c16a45960N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        10⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62653.exe
        11⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        11⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        10⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        10⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
        9⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        9⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        8⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 708
        9⤵
        Program crash
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        8⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        8⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        8⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        8⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        9⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        9⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1452.exe
        9⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
        8⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        8⤵
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        7⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        7⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        8⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60333.exe
        9⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        8⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        7⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        7⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
        7⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        6⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        9⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        9⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        9⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
        8⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        8⤵
        
        PID:17028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        8⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        7⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        8⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31668.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        7⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        7⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        7⤵
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
        8⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        7⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        7⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
        6⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        7⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        6⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        6⤵
        
        PID:15920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        5⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        6⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        5⤵
        
        PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        8⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        9⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        8⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        8⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        8⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        7⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        7⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5430.exe
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        7⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18471.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        7⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7731.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        6⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        8⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        8⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        7⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        7⤵
        
        PID:15920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7375.exe
        7⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
        7⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        7⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5430.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
        6⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
        5⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        6⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
        6⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        5⤵
        
        PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        7⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        6⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42367.exe
        7⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        7⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        6⤵
        
        PID:8
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        6⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
        5⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
        5⤵
        
        PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        6⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        6⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        5⤵
        
        PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        5⤵
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        5⤵
        
        PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
      4⤵
      PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
      4⤵
      PID:5376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
    3⤵
    - Executes dropped EXE
    PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1907.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        9⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        9⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        9⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
        8⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
        8⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        8⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
        7⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41711.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27931.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        7⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        7⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        7⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
        6⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
        8⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
        8⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe
        8⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        7⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        7⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        7⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
        6⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
        6⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        7⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        5⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
        5⤵
        
        PID:16256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        7⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        7⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        7⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49792.exe
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
        6⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5507.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9571.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        5⤵
        
        PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        6⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        6⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        5⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        5⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        5⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        5⤵
        
        PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        5⤵
        
        PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
      4⤵
      PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10101.exe
      4⤵
      PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
      4⤵
      PID:15364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
      4⤵
      PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        7⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        6⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62508.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        5⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        5⤵
        
        PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        6⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        5⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        5⤵
        
        PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
      4⤵
      PID:10980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
      4⤵
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        7⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33988.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        6⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
        5⤵
        
        PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
      4⤵
      PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
      4⤵
      PID:8320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18924.exe
    3⤵
    PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        5⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
        5⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57112.exe
      4⤵
      PID:8204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 500
        5⤵
        Program crash
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
      4⤵
      PID:15032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
    3⤵
    PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
      4⤵
      PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        5⤵
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
      4⤵
      PID:15076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
    3⤵
    PID:8920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
    3⤵
    PID:13012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2772.exe
    3⤵
    PID:15844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
    3⤵
    PID:4704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        9⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        10⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        9⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
        9⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        9⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
        8⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        9⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3680.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        8⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        7⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        7⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        7⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
        6⤵
        Executes dropped EXE
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4120.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        9⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        9⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        9⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        8⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        8⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        8⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47256.exe
        8⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
        8⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        8⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        7⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        7⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28363.exe
        6⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
        8⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
        8⤵
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
        8⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        8⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        7⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        6⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27914.exe
        7⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        6⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        7⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        7⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28552.exe
        5⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30536.exe
        7⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3667.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        6⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        5⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        5⤵
        
        PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
        6⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        8⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46365.exe
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        7⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        6⤵
        
        PID:15896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11369.exe
        6⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        7⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        6⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        6⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        6⤵
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        5⤵
        
        PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
        7⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        7⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
        7⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64236.exe
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54056.exe
        6⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        6⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19148.exe
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        6⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        7⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        6⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        5⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        5⤵
        
        PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        6⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        5⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        5⤵
        
        PID:15908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34620.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
      4⤵
      PID:14844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
      4⤵
      PID:5904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        6⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        8⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        9⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        9⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        8⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
        8⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        8⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61823.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        7⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        7⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48881.exe
        9⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        9⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        8⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39171.exe
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
        7⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        7⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4949.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
        7⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
        7⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        6⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11632.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33988.exe
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        6⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        7⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        7⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        6⤵
        
        PID:14848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7636.exe
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        8⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        7⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        7⤵
        
        PID:16232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
        6⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
        7⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        7⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        7⤵
        
        PID:15828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        6⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5893.exe
        7⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        7⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        7⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        6⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        5⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe
        6⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        5⤵
        
        PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20383.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        6⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
        6⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
        6⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        5⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
        6⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        5⤵
        
        PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        5⤵
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
      4⤵
      PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
      4⤵
      PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31538.exe
      4⤵
      PID:6452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        5⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14488.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        8⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        7⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64236.exe
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30035.exe
        6⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
        6⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        6⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        7⤵
        
        PID:15416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        6⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        6⤵
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        5⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        5⤵
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        6⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33603.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        5⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        5⤵
        
        PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
      4⤵
      PID:8624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 652
        5⤵
        Program crash
        
        PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
      4⤵
      PID:16168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
      4⤵
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        6⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        7⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60221.exe
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        6⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53957.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        5⤵
        
        PID:12648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7620.exe
      4⤵
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        5⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        5⤵
        
        PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15414.exe
      4⤵
      PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
      4⤵
      PID:7236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe
    3⤵
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        5⤵
        
        PID:16292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4476.exe
      4⤵
      PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
      4⤵
      PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
    3⤵
    PID:7684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60238.exe
    3⤵
    PID:10492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
    3⤵
    PID:15056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17564.exe
    3⤵
    PID:16260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34094.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
        9⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        9⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        8⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
        7⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        7⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3668.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
        7⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
        8⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        7⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
        6⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
        6⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        6⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        6⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        5⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        6⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17564.exe
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        7⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        6⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        6⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        7⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        7⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        6⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        5⤵
        
        PID:988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        5⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        6⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        5⤵
        
        PID:15340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
      4⤵
      PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
      4⤵
      PID:6200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        8⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        8⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        7⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        7⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
        7⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        7⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        7⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        6⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        6⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        7⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
        6⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        5⤵
        
        PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
      4⤵
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        6⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe
        5⤵
        
        PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        5⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
      4⤵
      PID:13828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
      4⤵
      PID:6264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
      4⤵
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
      4⤵
      PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
      4⤵
      PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
      4⤵
      PID:16348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41318.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6524.exe
        5⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        5⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
      4⤵
      PID:11600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58449.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
    3⤵
    PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
      4⤵
      PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
      4⤵
      PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
      4⤵
      PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
      4⤵
      PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
      4⤵
      PID:14632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
    3⤵
    PID:14744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
    3⤵
    PID:5828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        5⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        7⤵
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        6⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        6⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        5⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        5⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37443.exe
        5⤵
        
        PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
      4⤵
      PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
      4⤵
      PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
      4⤵
      PID:6920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47368.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
      4⤵
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
        6⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28404.exe
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
        5⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
      4⤵
      PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
      4⤵
      PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
      4⤵
      PID:14428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
      4⤵
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55878.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        6⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
        5⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        5⤵
        
        PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
      4⤵
      PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        5⤵
        
        PID:16304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
      4⤵
      PID:11560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
    3⤵
    PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
      4⤵
      PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
      4⤵
      PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
      4⤵
      PID:15620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
      4⤵
      PID:6816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
    3⤵
    PID:9324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
    3⤵
    PID:2292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        6⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        6⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        6⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
        5⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        6⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        5⤵
        
        PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
      4⤵
      PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        5⤵
        
        PID:11468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
      4⤵
      PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
      4⤵
      PID:15168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
      4⤵
      PID:6276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
      4⤵
      PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
        5⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        5⤵
        
        PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
      4⤵
      PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
      4⤵
      PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59300.exe
      4⤵
      PID:5344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
      4⤵
      PID:9592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
      4⤵
      PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
      4⤵
      PID:5552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
    3⤵
    PID:9576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
    3⤵
    PID:12452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
    3⤵
    PID:15956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
    3⤵
    PID:17148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33407.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33407.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50913.exe
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        6⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
      4⤵
      PID:10964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
      4⤵
      PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10025.exe
      4⤵
      PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
      4⤵
      PID:8832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 468
        5⤵
        Program crash
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27548.exe
      4⤵
      PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
      4⤵
      PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
      4⤵
      PID:14696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
    3⤵
    PID:9396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44840.exe
    3⤵
    PID:12424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
    3⤵
    PID:6180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
  2⤵
  PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
    3⤵
    PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33988.exe
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
      4⤵
      PID:15196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
    3⤵
    PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
      4⤵
      PID:6628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
    3⤵
    PID:11340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
    3⤵
    PID:15876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
  2⤵
  PID:6520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
    3⤵
    PID:13604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
    3⤵
    PID:16048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
  2⤵
  PID:9972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe
  2⤵
  PID:14632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
  2⤵
  PID:15412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 8624 -ip 8624
1⤵
PID:15568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 8832 -ip 8832
1⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 8204 -ip 8204
1⤵
PID:4304

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:7708

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:5744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe

Filesize
468KB

MD5
15c28ccbbb987a38c9144097a0bf45c7

SHA1
1973e46920ab7c2335c2c588400c456a48c343ae

SHA256
ef104ba8e7b665cde988d5afef9f8d31988d5a34b6380c3e90502918ff42b5e8

SHA512
942194de60f09c851922986886e7032c6ca7388436e0739230d6fab13848ca1a5fe59774fce28658aa0bd84a1be0d58b1c85777406ff6dd30cac6857216296f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe

Filesize
468KB

MD5
3db9213de1775e1befe4edd545201de8

SHA1
2eb8548e4b06bdb9d8dd5f7e5592c9ed9e262202

SHA256
c4290ad4f03823a48bb096f26d395c9ae36b53d44206e5918741cd49da6956c7

SHA512
31c9fa416f7f1984ad641f87cff6b722cc63979b8381ede5880f9f0ec101bd01b752dae49f31837b84d9b42bf7ae798d24eec4e2379b3b763472bde0b59379e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe

Filesize
468KB

MD5
49f3edc569d06371e9da72e224a834fa

SHA1
d3043a0dddbd013408f69e0956f7e39a33760518

SHA256
0c89fdd9e547ff8c18708f2c33033a24db6901961ff74398f5a1e4691bbe42d2

SHA512
faf9119d81d59678703a17d13ab370db1b1223327b094f26144c04b9f5ec367ddf2c55c6bbc5e62d1cdf587b533f70451fd1d7816eb1b7b08433142cdf9e8026

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe

Filesize
468KB

MD5
fe05f49308e438b8512345458c2f9f40

SHA1
5af07eca8b6bf0908632a0f2d8de2fd266389b44

SHA256
6726699af277e7c67b67c30f9a7d6c185e905af4d9e9e46e87e09f237f62c0ed

SHA512
7e2a3d3b28da48da06d75e8dd97694274689374ebe9f267e883d0ce8850487dcec2057e0426b282741244f4d25aeb6c811782d174721f24e5510c56c91ea5775

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe

Filesize
468KB

MD5
8ab55e5909b88530f8980e3a38e0366c

SHA1
a33fc95f7397cbdbbed0b72f3266057a8ebdafd1

SHA256
74164f22d10c8e725001fdb05775849ca107c5192061a29d311a82f3cd5c4da4

SHA512
e35ee2748e948a2bea0a445def7a536f54d0675283664eb56f494a66205fa84bdf2f0cadd3d9640e52994df6fac1314c80b8c9c26041cf5a4839f4a7c79c060c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15136.exe

Filesize
468KB

MD5
3549373f3b6108ec1ae70dadfa7f9808

SHA1
a9eadd973be87afc87f6a7a2c53601f7c54b5044

SHA256
c21d0f9a30e7d208635c3e4e3a44a396de29fb879727efc594aa3a8b7b5c9267

SHA512
3b06bc953b867828b0ee21ae94ba74d1a3fd8fbc0f422a96927ef8d6b6f43a48945129d46392598ade3ba32702d57b985a38c150de3d97bb79909edcc26998fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1907.exe

Filesize
468KB

MD5
729135deab16561d77e0fe8bb81d14c0

SHA1
9b23ce8a182068dc5e63429b89eb2a4c56c8c0d3

SHA256
884b7589de842e9702450a915d0ec7a8a3638c2d50cc7a7c204eabd75fee2f26

SHA512
1aa94df787b64d6284bdfc660bc83f28594b81279790eadf8ca5ff045366462119c135984d686d2a7eebafcff7e9051dac70773e9db8a63d650c1c56fc3d694c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe

Filesize
468KB

MD5
a5ac02c78494ca7d172c9ee8db773044

SHA1
46e916b6bd2920765f5c4747a4b8c913c1a93fb0

SHA256
b7ca5dd00d42d727a1bfa26e3a91f3d1136dbda6d6c976800be67fc61494da8d

SHA512
877537f1f1d0da7a7b77e4a25bca6acd6484e195d38138f0399965b6fc59cbefb48572ff07d6f6478cd89a5cc466551ed02fce4c8dd4a80768cb6f7f03ee737e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe

Filesize
468KB

MD5
3f02dd6b097ea9e78603d6da962134fd

SHA1
934994ee6d48a9432e341ee2589664a56adeda55

SHA256
e510146d9d35eddd08b6bed8e7a8d7b1324e1df34278267daac1460fe53ec64f

SHA512
0b88fd69b5238ce7e22e7904b17aea8c3acb84a3e21e01d3aafce0b80e30f32a5ae874901fb166c11794e05d6d119b7a6ee032db5795e15d54aeeb46e895d5cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe

Filesize
468KB

MD5
a1a1f7917fb24fb3e5517a9950480c53

SHA1
4779ff2c02b48d1f57018c0890f916c36486dd16

SHA256
f48e985bac936b458ce1bfa91be74a613a48736f98f9fab76522f28994dd5805

SHA512
5fa9cc2305622de82fd11b341e8d386de2b7a7eea4ad75bdc49567c38748480386d49e0afcadc81fc472741f00c73e122f475272b1647c1cc9ad20192ff453d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe

Filesize
468KB

MD5
66adbf77a6db590260211ec70d2f8b79

SHA1
28f007b1ab4c329edb91dfd37e728579323e89bf

SHA256
c480d6c4b6cf47a1635aaadd87f1f849a2ee9e32528b50eb3f6f62b7ef02730e

SHA512
d9467240a7e1f958cb65c1d01c9d61bb292ab6af28c256548d3076cc9072da54ebf05a0263c6e939e20e7934c877f67c69e5c73f83dd975148496d85758c74ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34094.exe

Filesize
468KB

MD5
9ef9d298ca26a954b4ce29fc71958521

SHA1
dd9290f67f1b9e67f530a24e4f76fa4e1a3f092f

SHA256
14b65f1575765e24c999e7907e980f49447399943f0d05a3ba5da89c0f0ac773

SHA512
a5494ad0b76e767d3b1395516e00a97613c822fedffce1db41d7d6d82e8bcc01c5fd24829d725a98aa7d6858cb59844084e40e60c76d5e78cfdff7e484553e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe

Filesize
468KB

MD5
5b12b1b2c20b8031ccd8e0c099c6527b

SHA1
a9015a69d2f140527e5d49e8bed7e059c296a1a8

SHA256
27efd88e6aef3c9a250a01cc0c372eb36dbef2436525c8c478b9c9c98ebb966b

SHA512
8f9775b95d570d474021432b4320e5670b6151d695088dbe4153f7c9d9c9640709da77b877b507192f36a0a7bae1326513868b57249208a1c44435c52aa882f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe

Filesize
468KB

MD5
901abce508994b319d3cac2e92099e56

SHA1
2ece906db759d7d3095f3163e2fa163a47cfa3c7

SHA256
362718203c89d86c5fc36a60a62a17b324b21ad14f14acbe22f9a8cbd1aac449

SHA512
93db7c08b389071895a46b8c5c158385b733c5b0f0d3217c22fbd4b2e6f26e8f684e8186929c237cad5381897ba92881513d1cdf94f9d1e2cb62899045179c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe

Filesize
468KB

MD5
666ce9a8c66cce86e699a362b40452bc

SHA1
884d028e90de79f08dfdf8afa82d3002d620b0fc

SHA256
57517b44317dfb26db43c263244715d4a067a8e20298c0a124ec5ffdbef4fa92

SHA512
4d5e1bfe19b5f1897c519a119f95599fe74854419b2a5432162b019d708ad0e539f696835e0776199bdca1df109a59366fca886f6cf340b819a6620b18e2a7fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe

Filesize
468KB

MD5
0ad9294f9047ba8f3a96d68e22841885

SHA1
26f0c14b54dde6b3d065f9372a889fe12c5f21b7

SHA256
0c752ce486dc91e1a9fc002383ef9ac236ad7654fe941fba38368a25da0d4614

SHA512
027db51949302a0ae6d4bea97d2fe527a38e6061f04f7180b903035e085b5b561bb8ed68b9a38c528bd3a0b984b0a02f6e8432654129c7cb1f38c9044e13ee8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe

Filesize
468KB

MD5
32f020bd037f925d8df30bb7abd20e94

SHA1
56ff32ef95d33b08eba5240a6c88ceb47c6a6eef

SHA256
9d2f140326b2c3f5b069a31c0aa96b1138a759cf5025163302ccc154ffba768a

SHA512
3b96a32836e740991f071728c9ffef4fb85680e750b1502232bb826a354d1089e03aef3c16a0e57ba8ed17132553b17ebb24098d63b0f04440162ee64c62ccc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe

Filesize
468KB

MD5
0c0a9b19256e3f683f01e50b61f8555e

SHA1
8b184f5afbf0a5bd27e46269c6d1c506be18822e

SHA256
0b64242d852112cf3f7aa818efe0b7e58b1c1f289a91f2f2f8bd2de6b8395d33

SHA512
149162c57ca8c495d5102595de525692a57621e421eb289dbe2c36aaff81b4377030d1995dd5cff57e2caa5d110ad9a846ee503b4d84daaa7cd8c86a458080b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe

Filesize
468KB

MD5
d42bf6373bc3671760c5bd3b0918e3f0

SHA1
f5c574508b362fc1fdf6150b5c09ea9296b3b6a7

SHA256
3be012bd8bfa7fa6e9e7475c33c6d3d91085c692b5680a7f0f677355a6a70744

SHA512
7437bb483284c53936eacc313fe3763bd0a6ce9adc9332338591e7f5ac6fa54752d9b54fb18ca422c0caac6287fdf0b052a37f660d964c0005e321ee53acca16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe

Filesize
468KB

MD5
8afaad0b73012d59a526d5445bcb1379

SHA1
42b10bc0304eb6b90314c1ba1298abf01848f3cb

SHA256
42206cb7be2f89fee9312902541875a7a438bc9b4304423d8c42989290c53a4e

SHA512
f517260b7b2060c4bb75e8261d79c6172f959b567da0f168d3160ecc8c02767e0f47eb554d5ca4f53362ed41ca8f4c452ed3260c4759a7eb0442ac2eaef5b4e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe

Filesize
468KB

MD5
942d59ebbbc71edd09065ccf0907cdec

SHA1
b859b0ba88a0f9a9315e7613de0fed3f4e029174

SHA256
e0c1dd77247b4faa6139138db4e473b93d32982e6dec31cc2139380c752fb1d4

SHA512
071c1ff434d2e5f15fb3f7b31a4de20327ca94f398d5232550a2b2af790db7c2862a1d8e82ec379786cb8e5dcae71af09b4b157151a9c93695d9609f651aa621

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe

Filesize
468KB

MD5
cd568ae3c5649b06dc25c34d06f7b7f9

SHA1
f3876a99ba60f514870be46838ea31e6a0e3f781

SHA256
d1f3f6123f39dd9ce45956c68afa0d6f6259caadd8eb03bc881e44ecff031539

SHA512
a209322b2ab52d3bde19f312493b9da344bd7ae9fcdaf42e62b1d5871d7e93e15a8f5f7f9b20befb4593dd198c22e67f850389af5005ea04d5e26c018806165a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe

Filesize
468KB

MD5
aca4f9af8d3d1e61f5dd61c03db9e70b

SHA1
5e1bb1498d68575491f5e043767fe1dc5814d9b9

SHA256
2b7bb6fcfdf8e16fb3ff765c4bc666d491a5dfa2587773f7d2f44087e22964ca

SHA512
2bea0d2bcf10cc88a338a89f7e18cc4fefdc6d312fa70a2e969042814b62c8b7ad6a2c0001353b9c3f9bff719f828e508c0a1ec1833d0eca56b9b0a753367462

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58420.exe

Filesize
468KB

MD5
c7fb33aeddc4d021d363c936955881b5

SHA1
0d2c4c2c2d5a0b693c6a3b76a8cbb2648e1c71ee

SHA256
124c0c9280b251916be533cc1b563891b85bd29c8af4f6dd4303e3876ef3d045

SHA512
6c402d8161e7e40b7f3193e76b4ec64c03b0c2dc5d7e266b16abd9cb10ab2bb1cf930fd2bbb9b60b7d64da6b8222058ecbdd5625b226efa0108239f0d404de8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe

Filesize
468KB

MD5
c8ff3d8454745a1ae0623e09ad2abbbe

SHA1
1938521d659c1f56904e27b47254056b59168bb9

SHA256
166004d8ff80a63d3df059ae7b077c6891c47af5e4a155cc42e3acc46ab94dc2

SHA512
b845f686f348c1dee84044e53eaba57b356e22d92ed4f015742403b0962863d2bc2fd0700917b2852bda5711b4a413db9a7205fa9d7216635924c5881556cbcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe

Filesize
468KB

MD5
dae081da7e29b29d76d0953d3c73478c

SHA1
1344514754faf8784ec38d5b525db33edc475e95

SHA256
a8a8ff28c901612431f87c70564fa26ebdd15c4a1df1b34a4731a9467af09558

SHA512
622fe8a5a16974329a8671ba711a1fbbe4bed7dddb92f97cea47a3cd1e92ddfde40692075c08475b27e08103dd7020f5698422377c47b9f2ac579e882b54cdfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe

Filesize
468KB

MD5
db276f4129cfcb56896da327156c8863

SHA1
df6aee4aab82b29c1ab0a0d9b77fa28be6a16890

SHA256
fe2230d018bf8c003d6a3b4b0e0e044505fe2ca447edc9b8577b3712f2727181

SHA512
c4095dd3fd29ae781573c568caa48598c707839bcd0f2bb5d9a202e3217dd6cdd3fd0b4fde36c109a8e2178461218b798b4b947428414a09a6cdb9149d6dd22f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe

Filesize
468KB

MD5
b7e54df88d4f4e37f1b77627e1f9f522

SHA1
a0fab2e67b42c091310e783c711c00d3dd1f489d

SHA256
0052f7cfa1ce8865c3c53232456f9e802d10410b6749db6981ed793da0c635b7

SHA512
cac56cc672d89fa5cde99dfc41a11a2e6462a3f2b6a9558ecdac2ac2c3a8cb44fcf124ea72c0bec7ca71d47458cb8aa9df87c77a24e28429e1b3dfbeb0eb3397

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe

Filesize
468KB

MD5
06435350745ff8a18f9e54d539beead1

SHA1
3e2417385fcba1afdc0b9052f38dc82a1d9b1fd5

SHA256
483700b463bdf7b85afb89299f76ecd8dfb196a8db2fc083093eb721f31a89d2

SHA512
f88c82eefe3b3afdc158baded870e44135ba491660d7936b56f0c5128e7a413b5b87e178cfb233b22f08af50309e5871f5685d5bfea4c7fe4c6fd1908cee8457

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe

Filesize
468KB

MD5
4656bbe4d8c11897417b4bd3688286d5

SHA1
a437b70a1fe1fdc3b2a7ec97237a71277f8da156

SHA256
8ff490415da8e6cb4cca8c668778e8c697a12837895ec69651b3ac5c6c6de708

SHA512
c4ad7fee1a3bd03f4b5399ae06f5145256f1100423a404cc5f66c0abb33eaec30b24b40506b83d6f013f405608cf1ad71517147d2092ba1638675e9a5af53f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe

Filesize
468KB

MD5
b672bfee251eddb851632d4a20118d28

SHA1
61a2992b5cf190e4f44fbd0ce49ebb026dfe0d56

SHA256
aed08e21770d776580ff1db862e94f29224b90674656be8715fbf6ef56897f86

SHA512
75e3a5b59376ec532c12cc657cdcdf37dfaabcb8aa4f615461dc9e9ae7eb8b7d3845cc8a2605a318fd6b9c9adad7bb27d4559d1f976d31def58f8e1f458a6ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe

Filesize
468KB

MD5
5bf1d83658529c6cc1a6a86e94935e9d

SHA1
4b422873fc93b4af53178e139863c0f78a8f384a

SHA256
efab347e120a93b21049425e8f56b3344692ab620bdcb80060ba358537c3f5d0

SHA512
e61843d2ee4e5f34cd7ff43db77b06e15b957d5842d61ea3873348c454f3679b1ca5684063093f6855c459902c427b9d4dabbb722742e50319d1e026bb22c947

Download Submit
memory/452-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/464-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/532-3818-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/636-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/700-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/736-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/740-145-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/960-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/992-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1100-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1148-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1156-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1236-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1240-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1464-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1512-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1584-48-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1656-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1696-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1712-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1768-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1840-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2028-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2056-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2524-109-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2608-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2616-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2644-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2692-135-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2700-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2732-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2740-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2848-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2936-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-105-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3008-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3020-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3152-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3248-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3328-70-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3332-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3340-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3392-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3500-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3540-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3572-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3620-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3800-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3948-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4076-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4204-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4228-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4276-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4384-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4428-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4448-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4536-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4580-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4612-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4616-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4712-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4736-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4748-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4784-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4892-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4968-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4976-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5032-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5124-470-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-471-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5168-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5180-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5220-474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5232-475-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5252-476-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5336-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5352-499-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5364-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5496-538-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5516-539-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5596-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5636-541-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5728-542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5752-543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5760-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5832-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14468-2913-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15448-2904-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16040-3230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16344-3713-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads