0a9f1bb761c6797fb38b3f41f259f46ee15ecc92d075fa29f77d43ac615383db

Analysis

max time kernel
114s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62ed051d13c1eb99325c3ce550c28400N.exe
Size

468KB
MD5

62ed051d13c1eb99325c3ce550c28400
SHA1

6bfbc89e553eb1b2020cb8ef4d69e297abfa57de
SHA256

0a9f1bb761c6797fb38b3f41f259f46ee15ecc92d075fa29f77d43ac615383db
SHA512

45dc1f2505e0ec4a34cc95c22cc6e2448c2bc126cc168d280520a5aa3f7f609c0b0b5bb45711fee83b6f898f3228e3d8225b06a2110a4f819483b1d4a54e5585
SSDEEP

3072:5QoHogIKI05QtbYJHzcOmfr/GChzPmp9nLHeaVP8k/uLOXDg6Old:5QIoD8QtOH4OmfxmQhk/QsDg6

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3648	Unicorn-35339.exe
2232	Unicorn-7902.exe
2320	Unicorn-53574.exe
3996	Unicorn-41727.exe
4760	Unicorn-3408.exe
348	Unicorn-62815.exe
4064	Unicorn-53164.exe
752	Unicorn-29065.exe
5044	Unicorn-23589.exe
2840	Unicorn-34218.exe
4204	Unicorn-54124.exe
5036	Unicorn-53569.exe
4948	Unicorn-51523.exe
3596	Unicorn-14409.exe
2128	Unicorn-10590.exe
3672	Unicorn-64991.exe
1836	Unicorn-63408.exe
4440	Unicorn-38925.exe
3348	Unicorn-38925.exe
2280	Unicorn-42909.exe
5032	Unicorn-2531.exe
4736	Unicorn-1976.exe
3952	Unicorn-6060.exe
3064	Unicorn-28427.exe
3256	Unicorn-43371.exe
4108	Unicorn-59245.exe
4516	Unicorn-65110.exe
5092	Unicorn-56445.exe
3612	Unicorn-45510.exe
4256	Unicorn-10720.exe
1716	Unicorn-48224.exe
3292	Unicorn-29771.exe
4328	Unicorn-58451.exe
3240	Unicorn-9713.exe
4040	Unicorn-9713.exe
2028	Unicorn-50575.exe
208	Unicorn-7331.exe
1840	Unicorn-23832.exe
2156	Unicorn-44353.exe
3388	Unicorn-30517.exe
2244	Unicorn-30539.exe
1916	Unicorn-62442.exe
2792	Unicorn-9049.exe
4664	Unicorn-44929.exe
5096	Unicorn-36761.exe
5020	Unicorn-20979.exe
3764	Unicorn-63211.exe
4616	Unicorn-26354.exe
3504	Unicorn-55043.exe
4536	Unicorn-57736.exe
2948	Unicorn-16149.exe
4344	Unicorn-34623.exe
2308	Unicorn-14757.exe
4124	Unicorn-38707.exe
384	Unicorn-1850.exe
1628	Unicorn-41207.exe
3976	Unicorn-21416.exe
4076	Unicorn-30082.exe
4564	Unicorn-63595.exe
4796	Unicorn-58120.exe
4888	Unicorn-12448.exe
1040	Unicorn-12448.exe
3868	Unicorn-39091.exe
1088	Unicorn-2234.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
4836	2296	WerFault.exe	169
8108	5848	WerFault.exe	218
9160	5392	WerFault.exe	178
7268	5400	WerFault.exe	179
1984	5196	WerFault.exe	228
11012	5848	WerFault.exe	218
10640	5196	WerFault.exe	228
8812	6328	WerFault.exe	236
12640	3868	WerFault.exe	156
14888	3868	WerFault.exe	156
14712	6016	WerFault.exe	201
14592	6016	WerFault.exe	201

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35339.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16940	dwm.exe
Token: SeChangeNotifyPrivilege	16940	dwm.exe
Token: 33	16940	dwm.exe
Token: SeIncBasePriorityPrivilege	16940	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5072	62ed051d13c1eb99325c3ce550c28400N.exe
3648	Unicorn-35339.exe
2320	Unicorn-53574.exe
2232	Unicorn-7902.exe
3996	Unicorn-41727.exe
4760	Unicorn-3408.exe
4064	Unicorn-53164.exe
348	Unicorn-62815.exe
752	Unicorn-29065.exe
5044	Unicorn-23589.exe
2840	Unicorn-34218.exe
4204	Unicorn-54124.exe
4948	Unicorn-51523.exe
3596	Unicorn-14409.exe
5036	Unicorn-53569.exe
2128	Unicorn-10590.exe
3672	Unicorn-64991.exe
1836	Unicorn-63408.exe
3348	Unicorn-38925.exe
4440	Unicorn-38925.exe
5032	Unicorn-2531.exe
4736	Unicorn-1976.exe
5092	Unicorn-56445.exe
3256	Unicorn-43371.exe
3064	Unicorn-28427.exe
3612	Unicorn-45510.exe
3952	Unicorn-6060.exe
4516	Unicorn-65110.exe
4108	Unicorn-59245.exe
4256	Unicorn-10720.exe
1716	Unicorn-48224.exe
3292	Unicorn-29771.exe
4328	Unicorn-58451.exe
3240	Unicorn-9713.exe
4040	Unicorn-9713.exe
2028	Unicorn-50575.exe
208	Unicorn-7331.exe
1840	Unicorn-23832.exe
2156	Unicorn-44353.exe
3388	Unicorn-30517.exe
2244	Unicorn-30539.exe
1916	Unicorn-62442.exe
2792	Unicorn-9049.exe
5096	Unicorn-36761.exe
5020	Unicorn-20979.exe
4664	Unicorn-44929.exe
3504	Unicorn-55043.exe
3764	Unicorn-63211.exe
4616	Unicorn-26354.exe
384	Unicorn-1850.exe
4344	Unicorn-34623.exe
4124	Unicorn-38707.exe
2308	Unicorn-14757.exe
2948	Unicorn-16149.exe
1628	Unicorn-41207.exe
4536	Unicorn-57736.exe
3976	Unicorn-21416.exe
4076	Unicorn-30082.exe
4564	Unicorn-63595.exe
4888	Unicorn-12448.exe
3868	Unicorn-39091.exe
1088	Unicorn-2234.exe
4796	Unicorn-58120.exe
632	Unicorn-8099.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 3648	5072	62ed051d13c1eb99325c3ce550c28400N.exe	89
PID 5072 wrote to memory of 3648	5072	62ed051d13c1eb99325c3ce550c28400N.exe	89
PID 5072 wrote to memory of 3648	5072	62ed051d13c1eb99325c3ce550c28400N.exe	89
PID 3648 wrote to memory of 2232	3648	Unicorn-35339.exe	92
PID 3648 wrote to memory of 2232	3648	Unicorn-35339.exe	92
PID 3648 wrote to memory of 2232	3648	Unicorn-35339.exe	92
PID 5072 wrote to memory of 2320	5072	62ed051d13c1eb99325c3ce550c28400N.exe	93
PID 5072 wrote to memory of 2320	5072	62ed051d13c1eb99325c3ce550c28400N.exe	93
PID 5072 wrote to memory of 2320	5072	62ed051d13c1eb99325c3ce550c28400N.exe	93
PID 2320 wrote to memory of 3996	2320	Unicorn-53574.exe	96
PID 2320 wrote to memory of 3996	2320	Unicorn-53574.exe	96
PID 2320 wrote to memory of 3996	2320	Unicorn-53574.exe	96
PID 2232 wrote to memory of 4760	2232	Unicorn-7902.exe	99
PID 2232 wrote to memory of 4760	2232	Unicorn-7902.exe	99
PID 2232 wrote to memory of 4760	2232	Unicorn-7902.exe	99
PID 5072 wrote to memory of 348	5072	62ed051d13c1eb99325c3ce550c28400N.exe	98
PID 5072 wrote to memory of 348	5072	62ed051d13c1eb99325c3ce550c28400N.exe	98
PID 5072 wrote to memory of 348	5072	62ed051d13c1eb99325c3ce550c28400N.exe	98
PID 3648 wrote to memory of 4064	3648	Unicorn-35339.exe	100
PID 3648 wrote to memory of 4064	3648	Unicorn-35339.exe	100
PID 3648 wrote to memory of 4064	3648	Unicorn-35339.exe	100
PID 3996 wrote to memory of 752	3996	Unicorn-41727.exe	101
PID 3996 wrote to memory of 752	3996	Unicorn-41727.exe	101
PID 3996 wrote to memory of 752	3996	Unicorn-41727.exe	101
PID 2320 wrote to memory of 5044	2320	Unicorn-53574.exe	102
PID 2320 wrote to memory of 5044	2320	Unicorn-53574.exe	102
PID 2320 wrote to memory of 5044	2320	Unicorn-53574.exe	102
PID 4760 wrote to memory of 2840	4760	Unicorn-3408.exe	103
PID 4760 wrote to memory of 2840	4760	Unicorn-3408.exe	103
PID 4760 wrote to memory of 2840	4760	Unicorn-3408.exe	103
PID 2232 wrote to memory of 4204	2232	Unicorn-7902.exe	104
PID 2232 wrote to memory of 4204	2232	Unicorn-7902.exe	104
PID 2232 wrote to memory of 4204	2232	Unicorn-7902.exe	104
PID 4064 wrote to memory of 5036	4064	Unicorn-53164.exe	105
PID 4064 wrote to memory of 5036	4064	Unicorn-53164.exe	105
PID 4064 wrote to memory of 5036	4064	Unicorn-53164.exe	105
PID 3648 wrote to memory of 4948	3648	Unicorn-35339.exe	106
PID 3648 wrote to memory of 4948	3648	Unicorn-35339.exe	106
PID 3648 wrote to memory of 4948	3648	Unicorn-35339.exe	106
PID 5072 wrote to memory of 3596	5072	62ed051d13c1eb99325c3ce550c28400N.exe	108
PID 5072 wrote to memory of 3596	5072	62ed051d13c1eb99325c3ce550c28400N.exe	108
PID 5072 wrote to memory of 3596	5072	62ed051d13c1eb99325c3ce550c28400N.exe	108
PID 348 wrote to memory of 2128	348	Unicorn-62815.exe	107
PID 348 wrote to memory of 2128	348	Unicorn-62815.exe	107
PID 348 wrote to memory of 2128	348	Unicorn-62815.exe	107
PID 752 wrote to memory of 3672	752	Unicorn-29065.exe	109
PID 752 wrote to memory of 3672	752	Unicorn-29065.exe	109
PID 752 wrote to memory of 3672	752	Unicorn-29065.exe	109
PID 3996 wrote to memory of 1836	3996	Unicorn-41727.exe	110
PID 3996 wrote to memory of 1836	3996	Unicorn-41727.exe	110
PID 3996 wrote to memory of 1836	3996	Unicorn-41727.exe	110
PID 5044 wrote to memory of 3348	5044	Unicorn-23589.exe	111
PID 2840 wrote to memory of 4440	2840	Unicorn-34218.exe	112
PID 5044 wrote to memory of 3348	5044	Unicorn-23589.exe	111
PID 5044 wrote to memory of 3348	5044	Unicorn-23589.exe	111
PID 2840 wrote to memory of 4440	2840	Unicorn-34218.exe	112
PID 2840 wrote to memory of 4440	2840	Unicorn-34218.exe	112
PID 2320 wrote to memory of 2280	2320	Unicorn-53574.exe	113
PID 2320 wrote to memory of 2280	2320	Unicorn-53574.exe	113
PID 2320 wrote to memory of 2280	2320	Unicorn-53574.exe	113
PID 4760 wrote to memory of 5032	4760	Unicorn-3408.exe	114
PID 4760 wrote to memory of 5032	4760	Unicorn-3408.exe	114
PID 4760 wrote to memory of 5032	4760	Unicorn-3408.exe	114
PID 2128 wrote to memory of 4736	2128	Unicorn-10590.exe	115

C:\Users\Admin\AppData\Local\Temp\62ed051d13c1eb99325c3ce550c28400N.exe
"C:\Users\Admin\AppData\Local\Temp\62ed051d13c1eb99325c3ce550c28400N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7902.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        9⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        9⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
        9⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        9⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        8⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13107.exe
        8⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19647.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        8⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        8⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19381.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22698.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        7⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        9⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        9⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        8⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
        8⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        8⤵
        
        PID:17140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        7⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16361.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        7⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        7⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        7⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        7⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        6⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
        7⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        9⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        9⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        9⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
        9⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        8⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
        8⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        8⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        7⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        7⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        7⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        7⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        8⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        8⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        8⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
        7⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        7⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
        7⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        7⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9775.exe
        6⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
        9⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        8⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
        8⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
        7⤵
        
        PID:15588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62625.exe
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        7⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
        7⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
        5⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19325.exe
        7⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        8⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        6⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24263.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        6⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
        6⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60223.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        5⤵
        
        PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38707.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56579.exe
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        8⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
        9⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
        9⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        9⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
        9⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22339.exe
        8⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
        8⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        8⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        7⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21323.exe
        8⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        7⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        8⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53418.exe
        7⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        6⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        7⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        7⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        6⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
        7⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        8⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        7⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        7⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        7⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        6⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        6⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62868.exe
        5⤵
        
        PID:14948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32781.exe
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63450.exe
        8⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        8⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        7⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        7⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
        6⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        7⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        5⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        6⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        5⤵
        
        PID:15424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
        6⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
        7⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        6⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
        6⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18857.exe
        5⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        5⤵
        
        PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51816.exe
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        5⤵
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        6⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
        5⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        5⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        5⤵
        
        PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
      4⤵
      PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        5⤵
        
        PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
      4⤵
      PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
      4⤵
      PID:15640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53569.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        6⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        8⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        7⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        7⤵
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        7⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        7⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13107.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        5⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        8⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        8⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        7⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        6⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        7⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        6⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        7⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
        7⤵
        
        PID:17104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48385.exe
        6⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
        7⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45250.exe
        6⤵
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        6⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        6⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        6⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37865.exe
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        6⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26362.exe
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        5⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
        5⤵
        
        PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34997.exe
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        6⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
        6⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        5⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        5⤵
        
        PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        5⤵
        
        PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
      4⤵
      PID:10824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
      4⤵
      PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
      4⤵
      PID:2336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        5⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        7⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        7⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
        6⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        6⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        6⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        5⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        5⤵
        
        PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
      4⤵
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6714.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55203.exe
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        6⤵
        
        PID:17128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        5⤵
        
        PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        5⤵
        
        PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
      4⤵
      PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
      4⤵
      PID:15620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16149.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        6⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        5⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5884.exe
        6⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13019.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
        5⤵
        
        PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62562.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        6⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        5⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        5⤵
        
        PID:15388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
      4⤵
      PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
      4⤵
      PID:11528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
      4⤵
      PID:15272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
      4⤵
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14306.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        6⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        5⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
        5⤵
        
        PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
      4⤵
      PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        5⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
      4⤵
      PID:12572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23051.exe
      4⤵
      PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        5⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        5⤵
        
        PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55972.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
      4⤵
      PID:6708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
    3⤵
    PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36672.exe
      4⤵
      PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56218.exe
      4⤵
      PID:1268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61064.exe
    3⤵
    PID:10764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
    3⤵
    PID:14248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
    3⤵
    PID:1436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        9⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        10⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        9⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
        9⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        9⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        8⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        8⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36882.exe
        8⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        8⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        8⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
        7⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
        7⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        9⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        8⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        8⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        8⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        7⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40206.exe
        7⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5951.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
        7⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47178.exe
        6⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        6⤵
        Executes dropped EXE
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        8⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        8⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        7⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        7⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        7⤵
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        6⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        7⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11929.exe
        6⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        7⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        6⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53850.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        7⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        6⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        5⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        5⤵
        
        PID:15052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
        9⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        9⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        8⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 708
        8⤵
        Program crash
        
        PID:14712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 708
        8⤵
        Program crash
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        7⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 748
        7⤵
        Program crash
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 724
        7⤵
        Program crash
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        6⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 636
        7⤵
        Program crash
        
        PID:1984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 636
        7⤵
        Program crash
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        6⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
        5⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        6⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 716
        7⤵
        Program crash
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 716
        7⤵
        Program crash
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62858.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
        6⤵
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        5⤵
        
        PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
        7⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        7⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
        6⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        6⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        7⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        5⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
        5⤵
        
        PID:216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
        5⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        5⤵
        
        PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10098.exe
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        5⤵
        
        PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        5⤵
        
        PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
      4⤵
      PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
        8⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
        8⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41663.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        7⤵
        
        PID:16424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
        7⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
        7⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
        7⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17408.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        7⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        6⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
        6⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4476.exe
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        5⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        5⤵
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44981.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        6⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31622.exe
        6⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        5⤵
        
        PID:15612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        5⤵
        
        PID:15432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
      4⤵
      PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
      4⤵
      PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
      4⤵
      PID:15168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        7⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        6⤵
        
        PID:13504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        6⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7036.exe
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25464.exe
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        5⤵
        
        PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
      4⤵
      PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        5⤵
        
        PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
      4⤵
      PID:16744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
      4⤵
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        5⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        6⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        7⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        7⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        6⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
        6⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25464.exe
        5⤵
        
        PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63450.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        5⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
      4⤵
      PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        5⤵
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
      4⤵
      PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      4⤵
      PID:16952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
    3⤵
    PID:2296
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 632
      4⤵
      Program crash
      PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
    3⤵
    PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
      4⤵
      PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
      4⤵
      PID:7276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
    3⤵
    PID:9440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
    3⤵
    PID:12848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51479.exe
    3⤵
    PID:16896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        8⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
        9⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        8⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        8⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43066.exe
        7⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        7⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        7⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
        6⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        7⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        7⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
        6⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46636.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        7⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        8⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        8⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2933.exe
        8⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
        6⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        7⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        6⤵
        
        PID:212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31357.exe
        6⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        5⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        5⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        5⤵
        
        PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        8⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
        6⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        5⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        6⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
        5⤵
        
        PID:17308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        7⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
        7⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        6⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        6⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
        5⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49334.exe
        5⤵
        
        PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        5⤵
        
        PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
      4⤵
      PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
      4⤵
      PID:15628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
        7⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 548
        7⤵
        Program crash
        
        PID:8812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 696
        6⤵
        Program crash
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        6⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        6⤵
        
        PID:14296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        5⤵
        
        PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56257.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22283.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
        6⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        5⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
      4⤵
      PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        5⤵
        
        PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
      4⤵
      PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
      4⤵
      PID:17164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65131.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
        6⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        5⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
        6⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        5⤵
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        5⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
      4⤵
      PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
      4⤵
      PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
      4⤵
      PID:14168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
    3⤵
    PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
      4⤵
      PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
      4⤵
      PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
    3⤵
    PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
    3⤵
    PID:15192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47835.exe
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        7⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        7⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        7⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27280.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        6⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        6⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        5⤵
        
        PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
      4⤵
      PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31357.exe
        5⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
      4⤵
      PID:10452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
      4⤵
      PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        6⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        5⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36803.exe
        6⤵
        
        PID:15672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        6⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        5⤵
        
        PID:15792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
      4⤵
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
      4⤵
      PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
      4⤵
      PID:13280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      4⤵
      PID:16724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        5⤵
        
        PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
      4⤵
      PID:10016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
      4⤵
      PID:15012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
    3⤵
    PID:7432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
    3⤵
    PID:11516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
    3⤵
    PID:15172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        6⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
        6⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        5⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
        5⤵
        
        PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        5⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57999.exe
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
      4⤵
      PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      4⤵
      PID:16824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28161.exe
    3⤵
    PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20122.exe
      4⤵
      PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
      4⤵
      PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
      4⤵
      PID:16968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
      4⤵
      PID:5704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
    3⤵
    PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
      4⤵
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
      4⤵
      PID:17356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
    3⤵
    PID:9460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
    3⤵
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27547.exe
    3⤵
    PID:17244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
    3⤵
    PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
      4⤵
      PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34997.exe
        5⤵
        
        PID:2040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 664
      4⤵
      Program crash
      PID:9160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
    3⤵
    PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
      4⤵
      PID:15548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
    3⤵
    PID:9428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
    3⤵
    PID:1016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
    3⤵
    PID:17220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
    3⤵
    PID:8472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42149.exe
  2⤵
  PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56517.exe
    3⤵
    PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
      4⤵
      PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        5⤵
        
        PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43860.exe
      4⤵
      PID:12884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
      4⤵
      PID:4320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22339.exe
    3⤵
    PID:8772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
    3⤵
    PID:13224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
    3⤵
    PID:16440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
  2⤵
  PID:6856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
    3⤵
    PID:13172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
    3⤵
    PID:1212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
  2⤵
  PID:9448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
  2⤵
  PID:13092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
  2⤵
  PID:16980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2296 -ip 2296
1⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5848 -ip 5848
1⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5400 -ip 5400
1⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5392 -ip 5392
1⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5196 -ip 5196
1⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5848 -ip 5848
1⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5196 -ip 5196
1⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6328 -ip 6328
1⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 872 -ip 872
1⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3868 -ip 3868
1⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5852 -ip 5852
1⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 872 -ip 872
1⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5852 -ip 5852
1⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6272 -ip 6272
1⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 1836 -ip 1836
1⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1836 -ip 1836
1⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3868 -ip 3868
1⤵
PID:14544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6016 -ip 6016
1⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6016 -ip 6016
1⤵
PID:16156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 11204 -ip 11204
1⤵
PID:1812

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe

Filesize
468KB

MD5
9b114cfe3cf490e66bff290ff33e847b

SHA1
73515dbd669ca3734b7587d7b251486959159f8e

SHA256
9da302ce341b971e2eea134cce714d8cad37b9c3af3abf20e1269f885d5aa6ee

SHA512
546dfd644ed88ef894b9a2d86fa10eadf5dbf0a1da66fb84eec08b78e0b2ac43b03ecca66096ad40d36a434da20a5d6c1e2bb473be721c34c41ca4555f97aa34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe

Filesize
468KB

MD5
19e3e52f4c7f4d7da49671b4a480f3d7

SHA1
1140c2f7c3c62c489e78549d5d8d290f40e020ae

SHA256
c0afdcc58fe9cc1ad1bd32a24f8a646f5c474156a60fe63acf010ed3cf8ad308

SHA512
0e9c427d4d9ef01cdc180072e9f1b07dcd0c34995c84cba466ef977c1688d93885cde33ce2a3bb8ab6965efbd2432fd26c067e36278cffdbf699855250f932ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe

Filesize
468KB

MD5
492d4b0df6849bdb2fa6a794264cf385

SHA1
2289e8ab0e7770a9632dfa6d0161133ea0e4de54

SHA256
35744786a110e25d2343cbb19ad882b2bb50e741b623a9073e00b7a1c78efdb0

SHA512
ec51fab2c42b9cd7ae353c2443c481d77610fd6fe446f39a611561874f7d48055a64add8567222ba059cae93a5c5a2cdfbebd744aa8ae0925c55ffeb7903a27c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe

Filesize
468KB

MD5
0c0edc5350507b12359e4ecd6c07df69

SHA1
1a89e266ce1e8da96e77208930c728325e7d373e

SHA256
a0d37209279d2bea0407e826ef903b019ebc7740d39aa052a17670103f1f33d1

SHA512
cae513b7ee43bae98715497f5732ef4da7c233e30b95b1138a354173b4b1c2b54e215b82f90581f830b7d0e809c13c5e3027c4cdb4754e156804d07f15da5eac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe

Filesize
468KB

MD5
1f6c9db933b3c2701c4e758fb9e782b3

SHA1
c86adc0a3b4b2cce850cf66e56d0c8e82691f108

SHA256
2834545fe3a9d8a2759ee86f48bb7206de085ea61212530dc2dde75c3a42c106

SHA512
16c70b59cb80744f1193499c6b6f01c92a82f4adb9e1c694a712fea09430b269b115a30cb1ee6179588d3770514492adfe9151226c5fe2c6eaaf262c88e06dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe

Filesize
468KB

MD5
d03b178add85d14c2003ff8976c277da

SHA1
082c44f981ded1178699767cb6d01b7e034626ba

SHA256
1bd7c6e71e8eac92bdfd174cb159b1ed9a893af6c4438041b4ac77e6ce73eec0

SHA512
b70d016c6aefb8b0ae9687a1dafc52bf135d892b89fe562aad7e9f0d5d5eef1f594b793cdb8d69c754909c709343d2d70e2928a846022a41af89eeaf78436e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe

Filesize
468KB

MD5
524b417d6d64e2e0077986a80fd54a67

SHA1
60acd813eee8a85052bf578bdd2efb74e452f04a

SHA256
82eec611d6a6848a14c6e0c615a89a3f398499bd0cd56e231388f3471daa03be

SHA512
155398c4d0bcd9771bde217b26c7f79135b5f169b0fbe96c2077a66524abbbeb52ef1c6eb4a054df2145f78e163eba8913126f06b56c7873faff0b8e8e6b26eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe

Filesize
468KB

MD5
11b7c4704312a8d88283b18e362528cf

SHA1
aabfec21deaa75e95009c843dca1eb0b2a144e5a

SHA256
37b5c368767b5b5a786e706eb32100783470d7223f8708fdf3e0df6164ca4bb1

SHA512
8483fdefbc54f495b08aa3cb2b26dbbbd583fb502b64b8137fe17fb47496b10f1a71cdd9685fba31a27e5182ff5adf38fe1eca762c2327b9c1e039829175b90f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe

Filesize
468KB

MD5
2c1d21cd7626ea6f21dd27d278e0f0bf

SHA1
8b69f3a32406ec092f003d5bb8c53cb854f83e53

SHA256
bbc4c52790fce60103cefb85babe9373d861bc35b39d567c77c3e0b499fb97e0

SHA512
adfe610c35125d1ce93e98e3d4cfae3547f01fdcc0ecacd4f93028441839cfb3d95b3d9967f3d27e73aa107a442e31ebc36a54ab946e50c8f86e793781a33c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe

Filesize
468KB

MD5
e51a50f76909a18961662cfcd6d25478

SHA1
b6e71c4d753491126d639731416709dec5bff69d

SHA256
c9353e9fe9cad9faf7910214e26d8d9e5b3323d81f19fb5210bf3afb5d04c193

SHA512
bc731428192f82ed48ea554ea1742423168fd9ffdbeef04699dcfc814dc8b3ef3b589d6377470eab9431e82cf9aede691c4296735a7e1e0ce2b8fa82706087c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe

Filesize
468KB

MD5
d334e75bef1a73b81bc682ba311ef688

SHA1
74e5db054499e6644f885c49a380c536c09017d1

SHA256
ae3ad2bb069e95855674ea1fb95d1a1ca6c8f63c35db6e6787ceef7053546df3

SHA512
eeee6f43bdceb580c351fd0f1213dedc35f9922dac4f5f12ae225bec370ef74f7fbfa6c6ef409a0f9f0144dd2f0689d8ae853c61aceae97007213554d333cfcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe

Filesize
468KB

MD5
0b9167e420ea54e14c92d79c0088f708

SHA1
a4c6fa39b9083ef7e07a919ed04c5f5d906b1476

SHA256
89f564a5edce34fef542fd7e14fcf28197cfabfb1950b953948e987ed9e4dcff

SHA512
2314a74ccf067c02d88739a9b350ba225102fef2ec38a32272554c0d8fdac40d8e60080b42717c67442cef8385e69e672ae65699ffe699152e4896553f86457d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe

Filesize
468KB

MD5
5abbd2fe684544ad58de632ff4cd070e

SHA1
f7afbd840ec3adb29a634de9c4c524ca444bade3

SHA256
0acc03c92a3d08b6d72ae3ad9aa7419aa3c3dc301017bedaf5881bb03b1025f0

SHA512
3447cfd52fe11b9b06e4888a80a782ad321b8d07e2d35bbf0c7230503fa411aeb770d585985a673450906097a49cb4fdfc6d8736ca6cc64433eff9c8c112f428

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe

Filesize
468KB

MD5
f657358e382efee92073b504f04b5872

SHA1
c3193baaf1048c0c45379011c600663d03e2866e

SHA256
52cc7948162edfba76620850e4e40bf7c7fcc6bc35ab4dc32da36289b4292d2e

SHA512
fbbf6052f9897adc7886981a933cd6028ec406ed83c99c8e7fc96dae9c86d9a60ff7f1b5f6eb563cf3012009ef8c5f26f3aa5a81fdfb319c25b079c4b5ec5130

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe

Filesize
468KB

MD5
642ade9f3b1e19808e83e666bc665aa4

SHA1
390c555546c0c75eb569fdec4438b62922203dfd

SHA256
0d17203a1083904cc5efb260b5caf75c69e87b8f07930b29c530b86e3d4be671

SHA512
52ece08f307a0d129c64befd8e93c62a69e2d9143a75dbbb298033636e0b512d5afa6468525cd6550a9736e90ab4d256513f5b361779a6491cf39b065816c164

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe

Filesize
468KB

MD5
9ca48ab808b312ecb92d72dcd968e08d

SHA1
cfd20491b884eddca1cef0363e8b8967c796031e

SHA256
486c949a385fd0e2b84e9d93ef10f1d5d0521b304aa6f0fd124d871b51e66757

SHA512
31a8f4e8ee9327a2f3ea3aecdfd9db4c7e657d37635daed08cc0d6a977074165066b6db6590c57698f55ca4912d5267213155f1e356a65964643439dc1abc355

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe

Filesize
468KB

MD5
20cb20bc48249e3baee57a7b9bc0688c

SHA1
b4bdfb1594083fe99ee33ff9b2124a73a908d45f

SHA256
0378890b0c6c13d26dd41863d73b3cb2e51b7f3bda81711c2dfab47abf9eb6c8

SHA512
9b1911c53270a309f2d8b733eedc5c59dbb4e0533a8156bdb113259f8da51e61c3e2d2d433bb094c5cec2565ab1037b56b6305fda9d5da1bcc7810bb44c9946a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe

Filesize
468KB

MD5
01648c818e8537c514092f7bf4e547e3

SHA1
d0a374e29e90655200edbb7fd405d31e892c2620

SHA256
860ac59061802befe28c4a5e960b1df696a6fe3464353d0278d2bf1d6c18671c

SHA512
e71ff8b6a8e6e11403e02461055e10c7a7d387cbc4a8388105c5f73c699ea04d827a8acaddc30b5740fa43189e452a580697d4d273363b8d8130ff74fbe3f400

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe

Filesize
468KB

MD5
616f2a83be8c6cd985beb06089260548

SHA1
5bb309fb387e809fbc4ad96f0cacd7d6efae5caa

SHA256
5433a6282f010641340336a76e95abac3549efd5f5b995669256179d89a01ad3

SHA512
a447f1fd768b2b851b19cbb19a816d3d127c19bd318273b5486c4bcb97f19296eed125a8b81f2714376ba6b719408214d0492606382d82c1a698a25f168c4c49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe

Filesize
468KB

MD5
f7d418505d443f97939cf53e9aa0102a

SHA1
0ccdc2ccbdec728220ea2b71987eeabb83f919f7

SHA256
3070c04e733b0d1aded9114bb79c326ea6a2f19dbbf84648852e0a78faa4086a

SHA512
cedfb83b9430832e50e9f3ae406a9aa4312a8f78a06862629a72e6e4f8de8cee249bcfab06d363899ac47c693167a2bf3693a58cc2cd917ec9d49fce9732aa63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe

Filesize
468KB

MD5
80e8c87a19ef071616dd6c8f85f2f4d4

SHA1
0da3016b809ae6486d360f65473479d2c42a0408

SHA256
f80acc2427c51398abcc4427cf71a1f6fd959fb0f8d45fffd6188b93a6e2c2ee

SHA512
d3535539aa6254e1f36fecfa63c639191f9a2cae77dc8bba5c500fc35e761cb209b758f4c8a6a7c242e75e12f1656a09122c69e10cf159192687e83736303b82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53569.exe

Filesize
468KB

MD5
5fab925ee485b7a4344a04624700fbff

SHA1
94be71d21594f603a542349ea7a59dfde7719d8e

SHA256
cce3511a8824ca168dce0fd9bf87a41255ba8093920af849262d086788547a22

SHA512
42ea7a8de6620f558c3c633688b708d87d69a3936fd371bff5646480b69b7e00e8cf6e8f9c9292363b83b52be5803c4c75be85fa6e401086ff5d50a621ae50f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe

Filesize
468KB

MD5
9f730eb0c0f55026d645d49b4555a744

SHA1
a75f5a5b3d44e2da130b5fedb2efb6e83bbaee88

SHA256
e5cbc3fcfcfdf33bdc1cd5006426556a8c4224ad4c9c591c2256750d2de8c7c6

SHA512
6c15f400f0faf47253eedf6fafd49d7607f81571d7034f1e53c916aab0a8530cac45ef76bf75a2c8c6159db8e72d55ffae64e3acac6d7ea6398095d3282d9eae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe

Filesize
468KB

MD5
4fc6daadf0f813f9a43f524926224a44

SHA1
85ed16c9a34b378c7f6e80c8f667d907cd001619

SHA256
eafb8e8443483420c82f3f64ca3bcb660438c969db085d7cf4ae100b5d9513c7

SHA512
72a1cdf87ec2029ba89fe15ac4c282ed3d6324ecc5b5e24d8cccf366f34a8344d419300699e3f2366a9d125a0e1f8b810d512ac09456a024aabc2ee4e79efc12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe

Filesize
468KB

MD5
848c8d2de363fad497aad1f061d7d21b

SHA1
ba571238d747592e334c2426649790da5da6922a

SHA256
71c73783a57f094d99272a901f144c68dbcc6a5d67c9422cbda3d0965949e704

SHA512
3380baf78ec4375cf9508dbb0126c7683cf03399caeb48bbb67c3b4c3415005e0e78aa038ed8632b738e5cee2ac14c7532f78c2fe5f38272e8638468793bdd33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe

Filesize
468KB

MD5
e60b39b767eb0fd61768a278e6eb9daf

SHA1
140f0e3430bdd8d56128e4772f1798200f3a6f69

SHA256
cf5945b36473fdc6d0f5cf8dbdff0498c9cfb7ea045eac7c0f92066369aa079e

SHA512
23cd0789f1cfed48b6be4737f244b31e99c773597fb76f0694a1044031f84607345af6ca3a511c504031867d1568988e13c32e5deed0df264c02b88e84dd0383

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe

Filesize
468KB

MD5
084f4fe883b72569e61eeac3da5b5294

SHA1
727873ec98f11e7cd4683043a16fe6df71257625

SHA256
bfe159a6d9c86d6fe3773a6e22c57e9057758fcde7f4595a0e8e843875e904fc

SHA512
1f39831c4a0d8ed8e50d64d07855d7b9cae187dde780396aaa445c39156887637bf47553edeccc36c481020e8e25ce745640fc3b701f409b53555f486e3000c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe

Filesize
468KB

MD5
0702efde63b11be1294f9f2e18fd0a85

SHA1
d569dbef7ab7a53f1137dff1a80422b2dcbc5aa3

SHA256
68b0f4e5328fe35e476ae3fecf358b38df23b11af7b364d9f3e370ec1590ffe2

SHA512
245925d3066f1d28f7152f70077bdde9c8a275bb338afc74a9cae1fba8e0f25bee807bbeca332bba2791bdb2fe74f6f20e14431e7f0fd1ff5b351b0ca53f672c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe

Filesize
468KB

MD5
b277e1155f0c71dff0ad3e94ebf57037

SHA1
d3f3856080d4d2ae8f43153d210141d0b432a6ae

SHA256
d28e1a9dac536b87a314a8ff227060df516dcf6ec5b9dfe00327af780ec299d8

SHA512
d825db6160a730ee92d29bea8f503429b8055b3f41a7abf27f301f390a3d8ad22eb263a4f498a064af017d295efbd2e41192a93ecc917b5bb00dc382cc4b62e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe

Filesize
468KB

MD5
5bc93cde37fefdef8b43c2946651650a

SHA1
67aad56272fffd35b7de9d65b0ee9526bc4f5e36

SHA256
6d8b1cfa9e783381387263f316f3af74a2547a3867308fcb0f64e036e0858e26

SHA512
68f02d486d5a7f2e567dca3fae3ac5a52e3c7f11c953fd322207c1d2e4233279790e6de131fe101b92b497b3ae26b5bd3ef3e147faa26484e8a7036624d4fc00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe

Filesize
468KB

MD5
87d3ea9bfa1280eaf2754ef7cbba5655

SHA1
65c03cc19a5f658e46ed916ad1ee192de0cd7b28

SHA256
9ba7c5e38e59f2c8782c84d96c87572e1a4fa8a4f2212c5b6d682b6dda2a60ef

SHA512
1becf9df8bdae9f8accebbd8045cbed973db0f81ee4a7965488ffd9c4d98d1680a10b4d5fa1f345d4c7459fab124c309f1029b5f31d0ad008390d298619e2a35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7902.exe

Filesize
468KB

MD5
440044e4b22d52029f51b8945ed2078f

SHA1
f9e7741922f5685fefa342844f4ab9c5e009dd40

SHA256
1d0f7c67aef92bb8fbb8b4f0c713d9d84d7082b72c05f46d2e5a595911a5926c

SHA512
b1a0be9df90174d3b035f852caf4606f6b3fa36ca4f784fefd0325393e491084f2cbb67403e41abab0e9f70459a8d8c64c088269446b14bd8a0b1570fa5a7edd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads