1fee21d872e99ac46a8c581ad432bc235219eae268aadf6722cbb2799eea499e

Analysis

max time kernel
115s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0359f2ad8e1d35b83bba783644390c70N.exe
Size

468KB
MD5

0359f2ad8e1d35b83bba783644390c70
SHA1

0db84ec2ebffac69ca97b8e1cf14155bdf0f0e92
SHA256

1fee21d872e99ac46a8c581ad432bc235219eae268aadf6722cbb2799eea499e
SHA512

0f9eef72bb0859ab6330af802ed72c91dc936febb04ff8a0b6f11943b8c0656840a09734a6c5367dbf89b52f63a73374b8afe6cc18ec0133d525cbd3c90aa103
SSDEEP

3072:V3mVovIuI35vIbY1PgQ5Of8bBCmbqIpylmHe7SwvGl3wsSYXuSSlO:V3so2JvIaPZ5Ofx0mjGlgbYXuS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4472	Unicorn-5228.exe
5068	Unicorn-26801.exe
1072	Unicorn-11019.exe
1844	Unicorn-52613.exe
444	Unicorn-41491.exe
4372	Unicorn-61357.exe
2032	Unicorn-59311.exe
1564	Unicorn-58233.exe
3192	Unicorn-864.exe
3212	Unicorn-599.exe
2056	Unicorn-28061.exe
2660	Unicorn-47927.exe
3052	Unicorn-41797.exe
3360	Unicorn-47927.exe
5100	Unicorn-32145.exe
2920	Unicorn-2400.exe
4208	Unicorn-1638.exe
4452	Unicorn-10568.exe
3100	Unicorn-37957.exe
4308	Unicorn-61907.exe
3296	Unicorn-454.exe
1776	Unicorn-37303.exe
4532	Unicorn-43433.exe
1448	Unicorn-47517.exe
4060	Unicorn-27651.exe
2336	Unicorn-16791.exe
2844	Unicorn-16791.exe
960	Unicorn-19404.exe
3988	Unicorn-9753.exe
4228	Unicorn-29354.exe
1004	Unicorn-59451.exe
3432	Unicorn-27071.exe
2228	Unicorn-983.exe
2260	Unicorn-20849.exe
1580	Unicorn-18903.exe
4428	Unicorn-3121.exe
436	Unicorn-30963.exe
1672	Unicorn-236.exe
4572	Unicorn-40307.exe
4580	Unicorn-39131.exe
2308	Unicorn-47299.exe
1680	Unicorn-29017.exe
452	Unicorn-9151.exe
3020	Unicorn-6458.exe
3456	Unicorn-14626.exe
1532	Unicorn-14626.exe
5104	Unicorn-57605.exe
4936	Unicorn-60219.exe
4880	Unicorn-547.exe
1800	Unicorn-46484.exe
3752	Unicorn-50568.exe
5096	Unicorn-8980.exe
1240	Unicorn-8715.exe
1272	Unicorn-2850.exe
4320	Unicorn-54652.exe
2924	Unicorn-41745.exe
4636	Unicorn-50.exe
1952	Unicorn-9328.exe
1096	Unicorn-48150.exe
2136	Unicorn-36355.exe
372	Unicorn-59468.exe
2288	Unicorn-11750.exe
4828	Unicorn-63552.exe
3524	Unicorn-21965.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
5844	5292	WerFault.exe
7520	4828	WerFault.exe	157
7664	5292	WerFault.exe
4828	5428	WerFault.exe	250
9760	6060	WerFault.exe	251
10124	6072	WerFault.exe	215
15340	5380	WerFault.exe	640
16156	5380	WerFault.exe	640

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22674.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	11532	dwm.exe
Token: SeChangeNotifyPrivilege	11532	dwm.exe
Token: 33	11532	dwm.exe
Token: SeIncBasePriorityPrivilege	11532	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4296	0359f2ad8e1d35b83bba783644390c70N.exe
4472	Unicorn-5228.exe
5068	Unicorn-26801.exe
1072	Unicorn-11019.exe
1844	Unicorn-52613.exe
4372	Unicorn-61357.exe
2032	Unicorn-59311.exe
444	Unicorn-41491.exe
3212	Unicorn-599.exe
3192	Unicorn-864.exe
1564	Unicorn-58233.exe
3052	Unicorn-41797.exe
3360	Unicorn-47927.exe
2660	Unicorn-47927.exe
5100	Unicorn-32145.exe
2056	Unicorn-28061.exe
2920	Unicorn-2400.exe
4452	Unicorn-10568.exe
4308	Unicorn-61907.exe
3296	Unicorn-454.exe
3100	Unicorn-37957.exe
4532	Unicorn-43433.exe
2336	Unicorn-16791.exe
960	Unicorn-19404.exe
1776	Unicorn-37303.exe
2844	Unicorn-16791.exe
1448	Unicorn-47517.exe
4228	Unicorn-29354.exe
4060	Unicorn-27651.exe
3988	Unicorn-9753.exe
1004	Unicorn-59451.exe
3432	Unicorn-27071.exe
4292	Unicorn-47491.exe
2228	Unicorn-983.exe
2260	Unicorn-20849.exe
1580	Unicorn-18903.exe
1672	Unicorn-236.exe
4428	Unicorn-3121.exe
4572	Unicorn-40307.exe
436	Unicorn-30963.exe
4580	Unicorn-39131.exe
2308	Unicorn-47299.exe
1680	Unicorn-29017.exe
452	Unicorn-9151.exe
3020	Unicorn-6458.exe
1532	Unicorn-14626.exe
4880	Unicorn-547.exe
5104	Unicorn-57605.exe
3456	Unicorn-14626.exe
1240	Unicorn-8715.exe
4936	Unicorn-60219.exe
1272	Unicorn-2850.exe
2924	Unicorn-41745.exe
1800	Unicorn-46484.exe
4636	Unicorn-50.exe
4320	Unicorn-54652.exe
5096	Unicorn-8980.exe
3752	Unicorn-50568.exe
1096	Unicorn-48150.exe
1952	Unicorn-9328.exe
2136	Unicorn-36355.exe
372	Unicorn-59468.exe
4828	Unicorn-63552.exe
2288	Unicorn-11750.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 4472	4296	0359f2ad8e1d35b83bba783644390c70N.exe	91
PID 4296 wrote to memory of 4472	4296	0359f2ad8e1d35b83bba783644390c70N.exe	91
PID 4296 wrote to memory of 4472	4296	0359f2ad8e1d35b83bba783644390c70N.exe	91
PID 4472 wrote to memory of 5068	4472	Unicorn-5228.exe	93
PID 4472 wrote to memory of 5068	4472	Unicorn-5228.exe	93
PID 4472 wrote to memory of 5068	4472	Unicorn-5228.exe	93
PID 4296 wrote to memory of 1072	4296	0359f2ad8e1d35b83bba783644390c70N.exe	94
PID 4296 wrote to memory of 1072	4296	0359f2ad8e1d35b83bba783644390c70N.exe	94
PID 4296 wrote to memory of 1072	4296	0359f2ad8e1d35b83bba783644390c70N.exe	94
PID 5068 wrote to memory of 1844	5068	Unicorn-26801.exe	97
PID 5068 wrote to memory of 1844	5068	Unicorn-26801.exe	97
PID 5068 wrote to memory of 1844	5068	Unicorn-26801.exe	97
PID 1072 wrote to memory of 4372	1072	Unicorn-11019.exe	99
PID 1072 wrote to memory of 4372	1072	Unicorn-11019.exe	99
PID 1072 wrote to memory of 4372	1072	Unicorn-11019.exe	99
PID 4472 wrote to memory of 444	4472	Unicorn-5228.exe	98
PID 4472 wrote to memory of 444	4472	Unicorn-5228.exe	98
PID 4472 wrote to memory of 444	4472	Unicorn-5228.exe	98
PID 4296 wrote to memory of 2032	4296	0359f2ad8e1d35b83bba783644390c70N.exe	100
PID 4296 wrote to memory of 2032	4296	0359f2ad8e1d35b83bba783644390c70N.exe	100
PID 4296 wrote to memory of 2032	4296	0359f2ad8e1d35b83bba783644390c70N.exe	100
PID 2032 wrote to memory of 1564	2032	Unicorn-59311.exe	101
PID 2032 wrote to memory of 1564	2032	Unicorn-59311.exe	101
PID 2032 wrote to memory of 1564	2032	Unicorn-59311.exe	101
PID 1844 wrote to memory of 3192	1844	Unicorn-52613.exe	102
PID 1844 wrote to memory of 3192	1844	Unicorn-52613.exe	102
PID 1844 wrote to memory of 3192	1844	Unicorn-52613.exe	102
PID 4296 wrote to memory of 3212	4296	0359f2ad8e1d35b83bba783644390c70N.exe	103
PID 4296 wrote to memory of 3212	4296	0359f2ad8e1d35b83bba783644390c70N.exe	103
PID 4296 wrote to memory of 3212	4296	0359f2ad8e1d35b83bba783644390c70N.exe	103
PID 4372 wrote to memory of 2660	4372	Unicorn-61357.exe	105
PID 4372 wrote to memory of 2660	4372	Unicorn-61357.exe	105
PID 4372 wrote to memory of 2660	4372	Unicorn-61357.exe	105
PID 5068 wrote to memory of 2056	5068	Unicorn-26801.exe	104
PID 5068 wrote to memory of 2056	5068	Unicorn-26801.exe	104
PID 5068 wrote to memory of 2056	5068	Unicorn-26801.exe	104
PID 444 wrote to memory of 3360	444	Unicorn-41491.exe	107
PID 444 wrote to memory of 3360	444	Unicorn-41491.exe	107
PID 444 wrote to memory of 3360	444	Unicorn-41491.exe	107
PID 4472 wrote to memory of 3052	4472	Unicorn-5228.exe	106
PID 4472 wrote to memory of 3052	4472	Unicorn-5228.exe	106
PID 4472 wrote to memory of 3052	4472	Unicorn-5228.exe	106
PID 1072 wrote to memory of 5100	1072	Unicorn-11019.exe	108
PID 1072 wrote to memory of 5100	1072	Unicorn-11019.exe	108
PID 1072 wrote to memory of 5100	1072	Unicorn-11019.exe	108
PID 3212 wrote to memory of 2920	3212	Unicorn-599.exe	109
PID 3212 wrote to memory of 2920	3212	Unicorn-599.exe	109
PID 3212 wrote to memory of 2920	3212	Unicorn-599.exe	109
PID 4296 wrote to memory of 4208	4296	0359f2ad8e1d35b83bba783644390c70N.exe	110
PID 4296 wrote to memory of 4208	4296	0359f2ad8e1d35b83bba783644390c70N.exe	110
PID 4296 wrote to memory of 4208	4296	0359f2ad8e1d35b83bba783644390c70N.exe	110
PID 3192 wrote to memory of 4452	3192	Unicorn-864.exe	111
PID 3192 wrote to memory of 4452	3192	Unicorn-864.exe	111
PID 3192 wrote to memory of 4452	3192	Unicorn-864.exe	111
PID 1844 wrote to memory of 3100	1844	Unicorn-52613.exe	112
PID 1844 wrote to memory of 3100	1844	Unicorn-52613.exe	112
PID 1844 wrote to memory of 3100	1844	Unicorn-52613.exe	112
PID 1564 wrote to memory of 4308	1564	Unicorn-58233.exe	113
PID 1564 wrote to memory of 4308	1564	Unicorn-58233.exe	113
PID 1564 wrote to memory of 4308	1564	Unicorn-58233.exe	113
PID 2056 wrote to memory of 3296	2056	Unicorn-28061.exe	114
PID 2056 wrote to memory of 3296	2056	Unicorn-28061.exe	114
PID 2056 wrote to memory of 3296	2056	Unicorn-28061.exe	114
PID 5068 wrote to memory of 1776	5068	Unicorn-26801.exe	115

C:\Users\Admin\AppData\Local\Temp\0359f2ad8e1d35b83bba783644390c70N.exe
"C:\Users\Admin\AppData\Local\Temp\0359f2ad8e1d35b83bba783644390c70N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26801.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30963.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        8⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3272.exe
        9⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        10⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        10⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
        10⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        9⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7055.exe
        9⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        9⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31180.exe
        9⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        9⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        9⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        9⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33592.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        8⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        8⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
        7⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 472
        8⤵
        Program crash
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 504
        8⤵
        Program crash
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
        8⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        8⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        8⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        8⤵
        
        PID:17876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        7⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
        7⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42216.exe
        7⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        8⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        8⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        8⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        7⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        8⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        8⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        7⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        7⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        6⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64457.exe
        6⤵
        
        PID:11836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
        6⤵
        
        PID:17580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
        8⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 636
        9⤵
        Program crash
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        8⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        8⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        8⤵
        
        PID:18264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        8⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24605.exe
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
        8⤵
        
        PID:17952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        8⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        7⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        7⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21311.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        8⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29944.exe
        8⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        8⤵
        
        PID:17680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        8⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        7⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        7⤵
        
        PID:17612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        7⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34194.exe
        6⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        7⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        6⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        6⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6064.exe
        8⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        8⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
        8⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
        7⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        7⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29551.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        7⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        6⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        6⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        6⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
        7⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        6⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        6⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
        5⤵
        
        PID:17752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28061.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        10⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        9⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        9⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        9⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        9⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        8⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        9⤵
        
        PID:16864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        8⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24892.exe
        8⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        8⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        8⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        7⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        7⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        8⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
        8⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9167.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        7⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        8⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51840.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
        7⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        6⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        6⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        6⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
        6⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
        8⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        8⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        8⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
        7⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34541.exe
        7⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48944.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38353.exe
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        7⤵
        
        PID:17896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        6⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3469.exe
        6⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        5⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
        7⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        6⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        6⤵
        
        PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        5⤵
        
        PID:5380
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 464
        6⤵
        Program crash
        
        PID:15340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 420
        6⤵
        Program crash
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        5⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        5⤵
        
        PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        8⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
        9⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
        9⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        9⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        8⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        7⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
        8⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
        7⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
        7⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
        6⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29551.exe
        7⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        6⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9919.exe
        6⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57675.exe
        6⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        7⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
        6⤵
        
        PID:17936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        6⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        5⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        6⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47687.exe
        5⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        5⤵
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        7⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        7⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        6⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        6⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        6⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        6⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        5⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
        5⤵
        
        PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        5⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        5⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49163.exe
        5⤵
        
        PID:17972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
      4⤵
      PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
      4⤵
      PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        7⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        9⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        10⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe
        10⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
        10⤵
        
        PID:17728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        9⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        8⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        8⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63965.exe
        8⤵
        
        PID:17788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        9⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        9⤵
        
        PID:17648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
        8⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        8⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        8⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        8⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        8⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        8⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        7⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
        7⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        7⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 632
        8⤵
        Program crash
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        7⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14210.exe
        7⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe
        7⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
        7⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38341.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24586.exe
        7⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        6⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64725.exe
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        8⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4238.exe
        8⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
        7⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        7⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        6⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
        6⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        7⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        7⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
        7⤵
        
        PID:15672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        6⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
        5⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        5⤵
        
        PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25255.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        8⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        7⤵
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        7⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        8⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31585.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
        7⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
        7⤵
        
        PID:17440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37258.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        6⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
        6⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40211.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
        7⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        6⤵
        
        PID:17824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        6⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        5⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        6⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36295.exe
        5⤵
        
        PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        7⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        7⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        7⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        6⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        6⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        6⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
        5⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        5⤵
        
        PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37050.exe
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        6⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
        6⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        5⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
        5⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        5⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
      4⤵
      PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        5⤵
        
        PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
      4⤵
      PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
      4⤵
      PID:14908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
      4⤵
      PID:8308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        7⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 648
        7⤵
        Program crash
        
        PID:10124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 716
        6⤵
        Program crash
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        6⤵
        
        PID:16160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31000.exe
        6⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        6⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        5⤵
        
        PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49083.exe
      4⤵
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        6⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
        5⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        5⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        5⤵
        
        PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21481.exe
      4⤵
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        5⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        5⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        5⤵
        
        PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
      4⤵
      PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41406.exe
      4⤵
      PID:18244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
        5⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46841.exe
        6⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        6⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        6⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        5⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28706.exe
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        5⤵
        
        PID:17604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        5⤵
        
        PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        6⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        5⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        5⤵
        
        PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        5⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        5⤵
        
        PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
      4⤵
      PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
      4⤵
      PID:13484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        6⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        7⤵
        
        PID:17776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        7⤵
        
        PID:17612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        6⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22334.exe
        6⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        5⤵
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41133.exe
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        5⤵
        
        PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
      4⤵
      PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
      4⤵
      PID:13044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
      4⤵
      PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe
      4⤵
      PID:11536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
    3⤵
    PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
      4⤵
      PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        5⤵
        
        PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
      4⤵
      PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
      4⤵
      PID:14152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
    3⤵
    PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
      4⤵
      PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
      4⤵
      PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
    3⤵
    PID:10920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60253.exe
    3⤵
    PID:13460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        8⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        8⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        8⤵
        
        PID:15584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        8⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        8⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        7⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        6⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        6⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        8⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        7⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        7⤵
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        7⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        7⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
        7⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        6⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
        6⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
        6⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        6⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        5⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        5⤵
        
        PID:17720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        7⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        8⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        7⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        7⤵
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        7⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
        6⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        6⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        7⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64938.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
        7⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        6⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
        6⤵
        
        PID:17580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        6⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
        5⤵
        
        PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        7⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
        7⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        6⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        6⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33195.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        6⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe
        6⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        5⤵
        
        PID:17804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        5⤵
        
        PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        6⤵
        
        PID:15416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        5⤵
        
        PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
      4⤵
      PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
      4⤵
      PID:13936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        7⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35731.exe
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        6⤵
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        6⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
        6⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        6⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        5⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        5⤵
        
        PID:14268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        5⤵
        
        PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        7⤵
        
        PID:17976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        7⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31506.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        6⤵
        
        PID:17592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5614.exe
        6⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        5⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
        6⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
      4⤵
      PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
        5⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        5⤵
        
        PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
      4⤵
      PID:14384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25255.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        6⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        5⤵
        
        PID:13692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        6⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        6⤵
        
        PID:17884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        5⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        5⤵
        
        PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
      4⤵
      PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44921.exe
      4⤵
      PID:17788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        5⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        5⤵
        
        PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
      4⤵
      PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
      4⤵
      PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
      4⤵
      PID:9524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
    3⤵
    PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
      4⤵
      PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
      4⤵
      PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
      4⤵
      PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
    3⤵
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
      4⤵
      PID:16104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
      4⤵
      PID:8384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
    3⤵
    PID:10556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
    3⤵
    PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13897.exe
    3⤵
    PID:8620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        6⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        8⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        8⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        8⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        7⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        7⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        6⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        7⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        7⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        7⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27144.exe
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
        6⤵
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
        6⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46422.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
        7⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        7⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
        6⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        5⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        5⤵
        
        PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50568.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        5⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6064.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        7⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
        6⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24202.exe
        6⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35129.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        5⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        5⤵
        
        PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
      4⤵
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        5⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        5⤵
        
        PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
      4⤵
      PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
      4⤵
      PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
      4⤵
      PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        7⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        6⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42477.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        6⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        6⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
        5⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        5⤵
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30469.exe
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        5⤵
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        5⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        5⤵
        
        PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
      4⤵
      PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
      4⤵
      PID:7144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        6⤵
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        5⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
        5⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        5⤵
        
        PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
      4⤵
      PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
        5⤵
        
        PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
      4⤵
      PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
      4⤵
      PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
      4⤵
      PID:7464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52016.exe
    3⤵
    PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
      4⤵
      PID:10624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
      4⤵
      PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31680.exe
      4⤵
      PID:17668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
    3⤵
    PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
      4⤵
      PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe
      4⤵
      PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
      4⤵
      PID:3452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
    3⤵
    PID:10980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
    3⤵
    PID:13768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
    3⤵
    PID:7708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        5⤵
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
        7⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
        7⤵
        
        PID:15828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        7⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        6⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9919.exe
        6⤵
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
        6⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        6⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48524.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        6⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        6⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-152.exe
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        6⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        6⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
        5⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
        5⤵
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        5⤵
        
        PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
      4⤵
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8550.exe
        5⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        5⤵
        
        PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
      4⤵
      PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
      4⤵
      PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
      4⤵
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        6⤵
        
        PID:16128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63245.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        5⤵
        
        PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        5⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        5⤵
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
      4⤵
      PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        5⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:17644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        5⤵
        
        PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
      4⤵
      PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
      4⤵
      PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
      4⤵
      PID:1216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
    3⤵
    PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
      4⤵
      PID:13884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
    3⤵
    PID:9776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
    3⤵
    PID:14388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
    3⤵
    PID:17964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
    3⤵
    PID:7340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33615.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        6⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        6⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        6⤵
        
        PID:17588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        5⤵
        
        PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        5⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
        6⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        5⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        5⤵
        
        PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1627.exe
      4⤵
      PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
      4⤵
      PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
      4⤵
      PID:17692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
    3⤵
    PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
        6⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4088.exe
        5⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        5⤵
        
        PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
      4⤵
      PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        5⤵
        
        PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
      4⤵
      PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
      4⤵
      PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
      4⤵
      PID:2640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9970.exe
    3⤵
    PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
      4⤵
      PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
      4⤵
      PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13782.exe
      4⤵
      PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
    3⤵
    PID:8496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
    3⤵
    PID:11276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
    3⤵
    PID:15732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38625.exe
    3⤵
    PID:17724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
    3⤵
    PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
      4⤵
      PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
      4⤵
      PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
      4⤵
      PID:684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
    3⤵
    PID:8992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
    3⤵
    PID:10592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
    3⤵
    PID:1420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
    3⤵
    PID:4980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
  2⤵
  PID:5304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
    3⤵
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
      4⤵
      PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
      4⤵
      PID:14208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
    3⤵
    PID:9424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
    3⤵
    PID:14004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
    3⤵
    PID:17432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
    3⤵
    PID:5728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
  2⤵
  PID:7752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
    3⤵
    PID:17012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2847.exe
    3⤵
    PID:7264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
  2⤵
  PID:10940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64454.exe
  2⤵
  PID:13732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5292 -ip 5292
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4828 -ip 4828
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5292 -ip 5292
1⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 5428 -ip 5428
1⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6060 -ip 6060
1⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6072 -ip 6072
1⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5380 -ip 5380
1⤵
PID:14788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5380 -ip 5380
1⤵
PID:15996

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:11532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe

Filesize
468KB

MD5
72c95df13ff4b14e8219149f0eef6638

SHA1
1543d09d5d2a3bb42851b0c098948b55a145634a

SHA256
df8778f78a4380f7f2ff56c63c2d2f4a3a9662e7bea5886d2138667aa1b2e75c

SHA512
a4babe9939a3c20891f5b5b1335778d50f9af5f4e9548765bcd9c82a25a312e53597c0177f6efc18ecdaf9ed5da3e4304c806c4ccbe540112ab857ec0c5b3848

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe

Filesize
468KB

MD5
5f26830bd06b048bc89f90fdb516cfe4

SHA1
ec0db412711491a0ffbff2154dc3ccca26cc048a

SHA256
fb067a87226ed8ca1a76d7acb46bdc0ee2c58f32b45d04abf7be93cf070f886b

SHA512
bd29800db378b0e01f840660cd320b24ec31f3fe22f505516cc6c14f193c4cdc33bae259f4f7c716e9351dbee12416c3ea7253484b68c2516f8f20da1f569815

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe

Filesize
468KB

MD5
1909ec456632240bdcbef5178335b676

SHA1
6cf9bc3deb26373bb96ad1064686bd504fe6b62e

SHA256
aced3852c4d5fdcd3539c32ecde15d75b70c36ad27635797cb3adec047c502e6

SHA512
a30cbf3854073fcbfb3a1b3b247b94a2de0151472d42ab06eb545ca54becbe18c6a3fe9dbdb5599f6bf7bd35bd42820f3df40a7fa9ce7eeb9e7fa1b177cdcadd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1638.exe

Filesize
468KB

MD5
7470fb37d3723d233390dbe5a38c4ac1

SHA1
b868729b0f67e51994cf34a650ed583c3dea3e45

SHA256
8e6950ec53f13c20f70ceec95b893c4673ac976b8203221e38cb055b88446f19

SHA512
04d5f5938b8efff31ed45c5fde54406a5907fbfe9e14592073e449b161aa8390703720502feb256a134c7b43f95956665c6c79a26cee842b8dbab08d019079a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe

Filesize
468KB

MD5
4806947dee648ab597715648ef2c256e

SHA1
826790f8a1122d19322ba0e88fe05e2045f26285

SHA256
81b0fa23361046091346957f61d771fa444f03f0c12b6141b0fbaba0db91703d

SHA512
b8cd9b8d12f3512f9e685a4d0f1ddeedb421adc86f03afe8ee8307c4adca9c94a1f28809914c770639421a252a82a1ffa062f0a3a2006be848098dad93958bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe

Filesize
468KB

MD5
7827604afd18479407f9398f5c9bbb14

SHA1
d48df5acce7be73d18f11251cc5e1406b6f8410c

SHA256
9fdbff317ce342d4ece0dfaccd51b8755cbc1536fdc2c79bb54f7c38b8ef311e

SHA512
cfb8101d04ed8e8982e559b11bc89732560ca14d2a7d2dac9954e7fb291b1025aa388b6c5879bc86bcd6bb3bb8ed052ae3a1d2a55fe84daab4a414db14cf59cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe

Filesize
468KB

MD5
42a367cb13aa48f5992b6e691de365db

SHA1
a9e0a5485eba208d942bc948928af929648fd5ef

SHA256
41f1309a485627d8768433ed7853a659186fa2b6b35e44133f5870790e20c211

SHA512
a8730b76a022124a4ab99f3a407e29d662b49226faafb2d81eb3ab8bf614bb324ad0471d5212bb0338293c5196d4ed191b9d8c0fd335ed88f61604ac18c798f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26801.exe

Filesize
468KB

MD5
b1b01e6ec45328afcbb3e8ecf98c2bfd

SHA1
6f9fdc95ae84b4038b838be04ab070b75b451e47

SHA256
f40fe67a4c32e077000ee43a6ebe4ada5487c8e3606a5e9f1e1ef95fa15d296c

SHA512
b4f35c39e78baceb9a705320698916b880a0ebd1d5e2ce760c5f8ac676c03c8a23178e399fad897e752004de99e73a8ef87ce2c50c234838fba1feae045e1331

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe

Filesize
468KB

MD5
50f2cfcdb594e5ebc6b6885a2afb0870

SHA1
f7977bacac56ac960f289469027cdd1492fe937c

SHA256
2d87cfaf75be4b1d3579ac165beb0adba64a6ebfdbf252a7ec4556cc0122d3ac

SHA512
f318a7a8f395360408c282c54fe7e236edede018176e0d2bac573fa67cecd0934c1b00f67a21d35b8589566b027b3dd33ec91b285cbcd76f88a099895548498e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe

Filesize
468KB

MD5
eea665783d8da01e118cd1130bd27188

SHA1
e750e821b4759608d6a9bb28cdf44b92a677271a

SHA256
3a59edf2497057d1a19f4bd056144db9461c208e1d40db3a9268868d0422b6f0

SHA512
69a0fdc5427e456d3a7edc99429d9b73793ad61ca6e6eabd6956cb76f67208dd0ad48dbc0f871cffa07d587a182836800f936baceb693f44c83774ee1968809d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28061.exe

Filesize
468KB

MD5
ff0f45f477a561b22bec5c9a1e0ffa31

SHA1
4a01f91bc6aaa2755e146f23174530ef15c728c0

SHA256
b0e9d8acc3e6ff03311def9dff814e3395b70bce6bc09ff58412fdda1fa9ad33

SHA512
5256391f4088bee1cbc5a7201b7a8137cc9d0e653aabd2b28fab3fc53845a613706cb0cd1aaea806d4dde91c73c7ff6695a1f4bd38470187d83edb703ffdcbd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe

Filesize
468KB

MD5
16d9362cd86d1de40ba70fdee99b6da2

SHA1
db16b974d402504ba8c167c3aa95e93bfdb3435f

SHA256
b7d623be826540fc8f346f8ca1569f39ce15bada35e7c9168f6396506b36b002

SHA512
3a40f75c8811857cca5ea2bda9917f4bf1cdea9ba2d2a85feb0b161d7ca3038ef7f18a885112e1c103ffd8c6e19ce7e003489df6b78acdafa785bdee996d09c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe

Filesize
468KB

MD5
bb741c526b5897f8ffc42a09289b803c

SHA1
352575257658b2efd23169c72fcbb6625660d67a

SHA256
afc41659cff599633ba1c250780246929ebbd87e1614df67773f6534c4cc0812

SHA512
873acacf10f0b9aa2e557212ea8a2583eac3608305e414a514a25ac437530914f8d4ec84d073513ef3a3a68c46bdcce1919310ffd92ba177b5f7e81817ec18ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe

Filesize
468KB

MD5
97110e8b08f011f0061a0ab843a1f073

SHA1
a6110d727c473380ea23ed05b690fc84b8804c45

SHA256
add9391bf1bf8c917eccf993d81c06a765082590db5b8c81dde688f55ba8fc9e

SHA512
69a892758a13681297f4ecf28e227155d9120786d4ff232f02157e1f4c11fcbc3288c27e77326b01dc118cb58b42ee7063d8f3fecd96cf66636b201d78788bc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe

Filesize
468KB

MD5
0c2fce295c029b365ebeac9fce9012fd

SHA1
ad30370d2a19bdb2588a2a4ef40167b56861f95f

SHA256
835c6072bb17a53657d8293185a08815fd6230dc4c5c12365b3dc6bf1b48abd7

SHA512
70379ed057d314c590d3b01e57545075d1a6fff535f042a4d145784e7025d93c05999bb78a094d1a3b5d4d002ac17bf642ce923a71fd425ba4a7e591d74cd8fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe

Filesize
468KB

MD5
6fb60e89c0e266d225ecd3d96607ea86

SHA1
ab87f3995101ba0b50bed48f47252d21b1def0d7

SHA256
a93afbd9f1ace49043a3968c44af0ebda6d00b03a7e7e24e94a1799d62c3d402

SHA512
926ac262841a0073244e6f2b862f69fe95abb48cf4e7c6745d21a0d472e5d48e06cfff5a6487ec7b427fa3a2ef1d9ae1bfdf1cc0cd27de46c90b218afdcea91d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe

Filesize
468KB

MD5
c68c122047046be602bba92585a7c572

SHA1
57c2cc7c7f433670d67eac3ecf9960206f23d3a6

SHA256
57aa93396a9221bd2b78c384cd4e338448aa8e54a49e441f35cbda466e24d591

SHA512
5874e74da565e3082b01a7ecd4070b7261ff22a9c27e06053c0d36b6db47eb691bec0032beb0c5a2a1266b223b48b51156c570e528836307ae027a30d449b8b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe

Filesize
468KB

MD5
d8bc6ef8a4bd2598dcab0ae381e0e702

SHA1
3e594c47253641bd85aeaac62021b6ac1b29cac5

SHA256
fc6bc277fe7b94275e6205f1e9c86a2a615f218f330685e2baded16cf6578557

SHA512
354386251bcc97f3fb783d3ac2d18ba615706e129c5cb1d617483003ce18b54b8dd5f419ad3f46312e9eb87e3ee639750f9ade0c69f0e450f2a7419b89233a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe

Filesize
468KB

MD5
641edf6b82698b4365c977b7c81267ea

SHA1
03ebc69689c93e804fbd337d143b68b9bea61420

SHA256
a87803f96e0f560cf2265be83525167d6bd91b4456f6dca17413ac9b7e5a2c2b

SHA512
f460d9585d301176eb84812625182463ea1d308afa264350adbb18f1477b4f653c0330e3fbb5fbb6139431007ce9b5f5ea7d7a3034615bbcaec78fe7a6f1bdd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe

Filesize
468KB

MD5
e53fd1119f52cb14e3c7a6379acfab10

SHA1
a4f0a960f4989a78668584c266cf35d339dabd7a

SHA256
0841dab0badf522444e9d8c394e960add1b80bb4d9e808710bf2e4f7170ef93e

SHA512
4cb9678ac0857151975ba6b186bc86ae104cf81cdb6d13c5a21d055f0e62049e9fe7c71856dafb45d1cadffdca8d2585c740218742edf1c2af1645cd43ef82c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe

Filesize
468KB

MD5
658f6d99cae01c637a32415f9aace2bf

SHA1
c7376907e0ca3908fcc1560be0fbbce0229bdf69

SHA256
283ae13ea6672fd6d9ec4046f688a4589ab51d113f4032e01e0bda9ea5c054c4

SHA512
3def2be7f9b0ba60b3c4993030f679be977291f117159aa247c1dd8a227e36d20851829edec42b2eab108d2adef0cf6a8e0d624a83c9faede7e033be97dad0bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe

Filesize
468KB

MD5
2c426fdc4fc9cf721b43c8a387818157

SHA1
82dae8073854fc305dd4c55643f7ae9eae12968c

SHA256
e39f9d8cd369e36e2c7070484064c7e6e2d13ff110bc263610967913ff55e671

SHA512
afa5be24943ff39e64736be5d8160ade2e685ca562b05acc90a07e7a97aad58042f77dd6d68e15e3b1b3f884b2144d8b45863fd78970781ab11fc1e382e9d2e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe

Filesize
468KB

MD5
bd4d89f7f1f174b969e657405261cd2e

SHA1
dcaf47ca08e120f5e708b708e21b538d3fd67a5c

SHA256
08ca85e1039680dc49a5f09ad3b89fd54761a5cd0c3a035e8a88814cf5eb3017

SHA512
4eb1cac03e008743fd6e2337b39546b8af191cebd8815914b6b9a6590853610e0b9099890d5205373cf6cc32ec8f44d56e6df76cf123bfc85f3d84ac280d62cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe

Filesize
468KB

MD5
492e98e500cf8d923aaf56bdc56a17d1

SHA1
9a2374933762a7361f5db36dd4448f0b3a14cb71

SHA256
a8a33e25fc3b65b014c7201bf6a1cd7548719e3fde49b1c00cc72f9352e136b6

SHA512
662abb06ef2a811cf31fc52b4240750727da8da6baaba49d39fa02267a1320c2cf105c3749501376b61997d840baf758ece266cbc21ce54a1318dee3dc84a304

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe

Filesize
468KB

MD5
b939a9832b43bf07d848dfa039349912

SHA1
9d3238922d4201517f1c133a49c9cdf545f05001

SHA256
b681cf6647614358d68a0b5f55e51b0f1690b45f51514fe40b2c3045258b15be

SHA512
41c5708879e861a6227afd0f40529aa560c919536b4de6d47035e567c4c086a591a93c113aee73553960e9cf2236fce1022962288deb2bfae054c4d75109a37a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe

Filesize
468KB

MD5
11b8ea55a39698bee0a175b9517dedfd

SHA1
4ac51aa9860147e1799242f70e753b9f86914731

SHA256
5a4cea8d9b71812aa19055896c7fcca36fbf486747ef6a1bb948b1ca2ba6faae

SHA512
d54c2bfb0abb0343dfdcb62b13e5119076406024ec34d426376605f89d5c2aa65947f8b716285a8b7a66d7a8e16e9fad480feef89ad08fea66331fe0c401ca82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe

Filesize
468KB

MD5
a61af3f6a08ada07752e72403e7eaf98

SHA1
59aff0c947ea907266d9d58a1a3a3becfef32993

SHA256
ffedc628864f599441ee72943a4ef635a0918b8244385ae7f3e8510e19f4f381

SHA512
be82943bd7f0c7ffc4b661390c7d04613a77f648e93b18775c4cc470189aaf5c3216b11824e3c05d04d9d05982389c4d6552193ed2898267c1ab89c7d7143283

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe

Filesize
468KB

MD5
fd42ea41a741bda093cf05902a060c95

SHA1
0b4ea4a9d3d43dc34d745d3be9ad86c7c243f7b0

SHA256
14026ae46712fa03c1c7e80f4287656ea9096d39ad8ae0419702513a140dffa2

SHA512
4cfcd4c26a30f681b46ed23f1a45d3b07f304110bc7deab5f42cc3bce2e9c50bddf06c8cc7f27e2d9a11db51b646aed8fb1b8df069f3b848eeebdca6017571a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe

Filesize
468KB

MD5
6ed2b36a8a936a8e4c58001995afef2d

SHA1
e86132484bf3872c7f43dc82cc4e94d3f9713b80

SHA256
9acdb536bcc017120fcaedb69d30be1a523f0c902928e053dd7a11c9eb42680e

SHA512
06ddd252fec78ff30c15a0eaf57501a315d27cd0852c1ff8e0c715bea4679a4641811939bf8fdd75d144977fdee8e76b7fb2df5d83ab5f107a1ed439a162a547

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe

Filesize
468KB

MD5
82c652a3d05c9901fabcde86d109cf8f

SHA1
0b2e750895001c73a0c2f2c77236eae44534e364

SHA256
8348ea99895f2f935986f855c9b2e7121e56354b882e14d61097f50cf5ee4c0f

SHA512
db6358d453aa0da780f52f9f5228295f6c42ed8ab2ffded9d58dbd69d159f80a8a0cb7461cacfcab17149b206a47fc67215fa17afc230fd8509d146f397aceb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe

Filesize
468KB

MD5
d381d7c8477bf28e6fee7c0e68915f5c

SHA1
36908e2302da8c8740ddbed2abe677775087b351

SHA256
c5888b76b8c8b216939934d3ab01fd7cd216c05dee35f0f64ba047ee00cb6e34

SHA512
09fc867cdec7a47e7497142c7b93217242c84a644845d2708c4c51dfdeffcc0bc20a5426831da08d0290dbadcfc23567269f4ddfc7a4820fc97d30e672ecfa02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe

Filesize
468KB

MD5
198d8eb3437e1fe66d05325a192dfa05

SHA1
9fcc12d90312401de412f00e0b942c310755bcd5

SHA256
047a4b283d1c20fc823782ba368548752d33a91d3bed6d681add99f0eb3297b2

SHA512
7466ad082b7e6221a9f0022f71172c23fe7581dd799fb4d95da3484dcdd9c6e9f9c1ae83b595f0ca5d8434feb17102f1c24e2f0076e725e877dc59468b28e401

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe

Filesize
468KB

MD5
7511f5a4f4d19917f59df06fbc0643c1

SHA1
0ae3e1c56dca6d6804aaab702b865a779a8a70bd

SHA256
141295e2ea5a5592c2a89ce5404dc761fbf6dd2e36851f4a4fd7c85f7ea3dc6c

SHA512
2503f73d4f70d87d0208c1d9468f970e81e54d3475ef274f447a828143d2708138efceecad71f7caeba68a567c26522e7200ef4a9595ddf7c7b93f49542f4fa2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads