4286e9150109ca182508d5a716b5096907d341f5b50b4d10688536cc55069e9b

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d13654a4b829e442e7be4675bad1ebd0N.exe
Size

468KB
MD5

d13654a4b829e442e7be4675bad1ebd0
SHA1

147e2b681d27ec11bb210ddfb42df6c2d3270edb
SHA256

4286e9150109ca182508d5a716b5096907d341f5b50b4d10688536cc55069e9b
SHA512

52d2de3c3eed8a8c63fbfe1cc92b64c51098fa830b0c53e7549c482a546ef2a048e4299d936cf4a874f52a8e059dfcc836094bd87b5d3b300759a846a48f5b15
SSDEEP

3072:dbXIogZv+PW8U2aYwPzivffC/MC7AZ4pmhdHgZVr/umgpyEOozaYo:dbYoh3U2oPevffPEVfumMnOoz

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
728	Unicorn-54315.exe
516	Unicorn-27382.exe
404	Unicorn-37474.exe
4252	Unicorn-13045.exe
976	Unicorn-40927.exe
708	Unicorn-60793.exe
2904	Unicorn-25228.exe
552	Unicorn-49145.exe
2324	Unicorn-8662.exe
4944	Unicorn-22908.exe
2240	Unicorn-22908.exe
3900	Unicorn-63094.exe
3180	Unicorn-31335.exe
4956	Unicorn-11734.exe
3752	Unicorn-2828.exe
4720	Unicorn-56176.exe
2656	Unicorn-46960.exe
4972	Unicorn-61661.exe
3416	Unicorn-10674.exe
4172	Unicorn-33398.exe
4544	Unicorn-33398.exe
4748	Unicorn-38669.exe
4372	Unicorn-60450.exe
1340	Unicorn-13304.exe
1952	Unicorn-61820.exe
4756	Unicorn-61820.exe
3452	Unicorn-16604.exe
5072	Unicorn-28005.exe
2568	Unicorn-28005.exe
2232	Unicorn-47606.exe
1652	Unicorn-38941.exe
2884	Unicorn-33532.exe
1060	Unicorn-47709.exe
1132	Unicorn-9598.exe
2228	Unicorn-56972.exe
3844	Unicorn-40569.exe
320	Unicorn-21244.exe
2208	Unicorn-61491.exe
3000	Unicorn-11881.exe
4260	Unicorn-39926.exe
4848	Unicorn-38128.exe
944	Unicorn-11272.exe
4596	Unicorn-26377.exe
4552	Unicorn-60390.exe
1584	Unicorn-57334.exe
2528	Unicorn-45689.exe
368	Unicorn-36208.exe
2092	Unicorn-36473.exe
4432	Unicorn-11007.exe
3864	Unicorn-17148.exe
648	Unicorn-19679.exe
4412	Unicorn-39545.exe
3408	Unicorn-20220.exe
4228	Unicorn-14089.exe
1588	Unicorn-354.exe
2876	Unicorn-54262.exe
4216	Unicorn-3503.exe
4240	Unicorn-55305.exe
4768	Unicorn-2073.exe
4440	Unicorn-51964.exe
1968	Unicorn-604.exe
1812	Unicorn-20470.exe
3916	Unicorn-2694.exe
836	Unicorn-11681.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
7096	5784	WerFault.exe	195
15728	13560	WerFault.exe	647
16080	14520	WerFault.exe	693
14712	14880	WerFault.exe	706

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d13654a4b829e442e7be4675bad1ebd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1547.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14816	dwm.exe
Token: SeChangeNotifyPrivilege	14816	dwm.exe
Token: 33	14816	dwm.exe
Token: SeIncBasePriorityPrivilege	14816	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3344	d13654a4b829e442e7be4675bad1ebd0N.exe
728	Unicorn-54315.exe
516	Unicorn-27382.exe
404	Unicorn-37474.exe
708	Unicorn-60793.exe
976	Unicorn-40927.exe
4252	Unicorn-13045.exe
2904	Unicorn-25228.exe
552	Unicorn-49145.exe
2324	Unicorn-8662.exe
4944	Unicorn-22908.exe
2240	Unicorn-22908.exe
4956	Unicorn-11734.exe
3900	Unicorn-63094.exe
3180	Unicorn-31335.exe
3752	Unicorn-2828.exe
4720	Unicorn-56176.exe
2656	Unicorn-46960.exe
4972	Unicorn-61661.exe
3416	Unicorn-10674.exe
4544	Unicorn-33398.exe
4172	Unicorn-33398.exe
4756	Unicorn-61820.exe
4748	Unicorn-38669.exe
1652	Unicorn-38941.exe
1340	Unicorn-13304.exe
3452	Unicorn-16604.exe
4372	Unicorn-60450.exe
2232	Unicorn-47606.exe
1952	Unicorn-61820.exe
2568	Unicorn-28005.exe
5072	Unicorn-28005.exe
2884	Unicorn-33532.exe
1060	Unicorn-47709.exe
1132	Unicorn-9598.exe
2228	Unicorn-56972.exe
3844	Unicorn-40569.exe
2208	Unicorn-61491.exe
320	Unicorn-21244.exe
3000	Unicorn-11881.exe
4260	Unicorn-39926.exe
4848	Unicorn-38128.exe
944	Unicorn-11272.exe
4596	Unicorn-26377.exe
4552	Unicorn-60390.exe
1584	Unicorn-57334.exe
2528	Unicorn-45689.exe
368	Unicorn-36208.exe
2092	Unicorn-36473.exe
3864	Unicorn-17148.exe
4432	Unicorn-11007.exe
648	Unicorn-19679.exe
4768	Unicorn-2073.exe
1588	Unicorn-354.exe
4228	Unicorn-14089.exe
4412	Unicorn-39545.exe
2876	Unicorn-54262.exe
3408	Unicorn-20220.exe
4240	Unicorn-55305.exe
4216	Unicorn-3503.exe
4440	Unicorn-51964.exe
1968	Unicorn-604.exe
3916	Unicorn-2694.exe
1812	Unicorn-20470.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3344 wrote to memory of 728	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	89
PID 3344 wrote to memory of 728	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	89
PID 3344 wrote to memory of 728	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	89
PID 728 wrote to memory of 516	728	Unicorn-54315.exe	92
PID 728 wrote to memory of 516	728	Unicorn-54315.exe	92
PID 728 wrote to memory of 516	728	Unicorn-54315.exe	92
PID 3344 wrote to memory of 404	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	93
PID 3344 wrote to memory of 404	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	93
PID 3344 wrote to memory of 404	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	93
PID 516 wrote to memory of 4252	516	Unicorn-27382.exe	95
PID 516 wrote to memory of 4252	516	Unicorn-27382.exe	95
PID 516 wrote to memory of 4252	516	Unicorn-27382.exe	95
PID 404 wrote to memory of 708	404	Unicorn-37474.exe	96
PID 404 wrote to memory of 708	404	Unicorn-37474.exe	96
PID 404 wrote to memory of 708	404	Unicorn-37474.exe	96
PID 728 wrote to memory of 976	728	Unicorn-54315.exe	97
PID 728 wrote to memory of 976	728	Unicorn-54315.exe	97
PID 728 wrote to memory of 976	728	Unicorn-54315.exe	97
PID 3344 wrote to memory of 2904	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	98
PID 3344 wrote to memory of 2904	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	98
PID 3344 wrote to memory of 2904	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	98
PID 708 wrote to memory of 552	708	Unicorn-60793.exe	101
PID 708 wrote to memory of 552	708	Unicorn-60793.exe	101
PID 708 wrote to memory of 552	708	Unicorn-60793.exe	101
PID 404 wrote to memory of 2324	404	Unicorn-37474.exe	102
PID 404 wrote to memory of 2324	404	Unicorn-37474.exe	102
PID 404 wrote to memory of 2324	404	Unicorn-37474.exe	102
PID 4252 wrote to memory of 2240	4252	Unicorn-13045.exe	104
PID 4252 wrote to memory of 2240	4252	Unicorn-13045.exe	104
PID 4252 wrote to memory of 2240	4252	Unicorn-13045.exe	104
PID 976 wrote to memory of 4944	976	Unicorn-40927.exe	103
PID 976 wrote to memory of 4944	976	Unicorn-40927.exe	103
PID 976 wrote to memory of 4944	976	Unicorn-40927.exe	103
PID 2904 wrote to memory of 3900	2904	Unicorn-25228.exe	105
PID 2904 wrote to memory of 3900	2904	Unicorn-25228.exe	105
PID 2904 wrote to memory of 3900	2904	Unicorn-25228.exe	105
PID 3344 wrote to memory of 3180	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	107
PID 3344 wrote to memory of 3180	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	107
PID 3344 wrote to memory of 3180	3344	d13654a4b829e442e7be4675bad1ebd0N.exe	107
PID 516 wrote to memory of 4956	516	Unicorn-27382.exe	106
PID 516 wrote to memory of 4956	516	Unicorn-27382.exe	106
PID 516 wrote to memory of 4956	516	Unicorn-27382.exe	106
PID 728 wrote to memory of 3752	728	Unicorn-54315.exe	108
PID 728 wrote to memory of 3752	728	Unicorn-54315.exe	108
PID 728 wrote to memory of 3752	728	Unicorn-54315.exe	108
PID 552 wrote to memory of 4720	552	Unicorn-49145.exe	109
PID 552 wrote to memory of 4720	552	Unicorn-49145.exe	109
PID 552 wrote to memory of 4720	552	Unicorn-49145.exe	109
PID 2324 wrote to memory of 2656	2324	Unicorn-8662.exe	110
PID 2324 wrote to memory of 2656	2324	Unicorn-8662.exe	110
PID 2324 wrote to memory of 2656	2324	Unicorn-8662.exe	110
PID 708 wrote to memory of 4972	708	Unicorn-60793.exe	111
PID 708 wrote to memory of 4972	708	Unicorn-60793.exe	111
PID 708 wrote to memory of 4972	708	Unicorn-60793.exe	111
PID 404 wrote to memory of 3416	404	Unicorn-37474.exe	112
PID 404 wrote to memory of 3416	404	Unicorn-37474.exe	112
PID 404 wrote to memory of 3416	404	Unicorn-37474.exe	112
PID 4956 wrote to memory of 4544	4956	Unicorn-11734.exe	114
PID 4956 wrote to memory of 4544	4956	Unicorn-11734.exe	114
PID 4956 wrote to memory of 4544	4956	Unicorn-11734.exe	114
PID 4944 wrote to memory of 4172	4944	Unicorn-22908.exe	113
PID 4944 wrote to memory of 4172	4944	Unicorn-22908.exe	113
PID 4944 wrote to memory of 4172	4944	Unicorn-22908.exe	113
PID 516 wrote to memory of 4748	516	Unicorn-27382.exe	115

C:\Users\Admin\AppData\Local\Temp\d13654a4b829e442e7be4675bad1ebd0N.exe
"C:\Users\Admin\AppData\Local\Temp\d13654a4b829e442e7be4675bad1ebd0N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        7⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
        10⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
        10⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        9⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe
        8⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48459.exe
        8⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5457.exe
        7⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        8⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        10⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        9⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        9⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        8⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        8⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        8⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
        7⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        7⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        7⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        8⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        8⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        7⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
        7⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24935.exe
        6⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        6⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17148.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        9⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
        9⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59080.exe
        9⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
        7⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        8⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        7⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        7⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        6⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
        8⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        8⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        7⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        6⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        7⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        6⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        6⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        7⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        6⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43099.exe
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
        7⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        8⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        9⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        9⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        8⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        8⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22620.exe
        8⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        8⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        7⤵
        
        PID:14520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14520 -s 464
        8⤵
        Program crash
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        7⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        8⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6278.exe
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        7⤵
        
        PID:16376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        7⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33555.exe
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        6⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        6⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        7⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        9⤵
        
        PID:16896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57899.exe
        7⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
        7⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        7⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30283.exe
        6⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3866.exe
        7⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
        7⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
        6⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        6⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31129.exe
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6654.exe
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        9⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
        8⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        8⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        7⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        7⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        7⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
        7⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        6⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        7⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        6⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        6⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        7⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        7⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        6⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        7⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        6⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        6⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        5⤵
        
        PID:11416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56613.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        7⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        6⤵
        
        PID:116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64018.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        7⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19012.exe
        6⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
        5⤵
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
        6⤵
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        5⤵
        
        PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
      4⤵
      PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
        5⤵
        
        PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
      4⤵
      PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
      4⤵
      PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        8⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        8⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
        8⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        8⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33005.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        7⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        9⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        7⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        6⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        8⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        8⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        7⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        8⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        7⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        7⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
        6⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        6⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        7⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        7⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
        6⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        6⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        6⤵
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        6⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        8⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
        9⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        8⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        7⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        7⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65201.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        8⤵
        
        PID:17916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        6⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
        6⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13560 -s 472
        8⤵
        Program crash
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        7⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1604.exe
        6⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
        5⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        6⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17634.exe
        6⤵
        
        PID:18264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7198.exe
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        5⤵
        
        PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        5⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
        7⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-134.exe
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27822.exe
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe
        7⤵
        
        PID:18132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
        6⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        5⤵
        
        PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
        5⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52398.exe
        6⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        7⤵
        
        PID:18048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        6⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27793.exe
        5⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        6⤵
        
        PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-134.exe
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        5⤵
        
        PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
      4⤵
      PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
      4⤵
      PID:10500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
      4⤵
      PID:13396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        7⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        9⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        8⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
        8⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        7⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        6⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
        7⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
        6⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        7⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        6⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        5⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
        5⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        5⤵
        
        PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        6⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50888.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        5⤵
        
        PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15605.exe
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        5⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55436.exe
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        5⤵
        
        PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
      4⤵
      PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
      4⤵
      PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
      4⤵
      PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
      4⤵
      PID:6332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        6⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
        7⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        6⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        5⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        6⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        6⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        5⤵
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
      4⤵
      PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
      4⤵
      PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
      4⤵
      PID:18156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        5⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        6⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
        5⤵
        
        PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
      4⤵
      PID:15648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
    3⤵
    PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
      4⤵
      PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
      4⤵
      PID:15804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
    3⤵
    PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
      4⤵
      PID:16456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
    3⤵
    PID:10664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
    3⤵
    PID:15516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60793.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        9⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        10⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        10⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        10⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        9⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        9⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        9⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
        8⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        8⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-604.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        8⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22620.exe
        8⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
        7⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        7⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        7⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8779.exe
        6⤵
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        7⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
        9⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        9⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        9⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        7⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        8⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
        8⤵
        
        PID:15744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        7⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
        7⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        6⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        7⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        6⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        8⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        8⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        8⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        7⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        7⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        7⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
        6⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        6⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        5⤵
        
        PID:16468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        8⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
        7⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        7⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        7⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        7⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        7⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        6⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
        7⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        6⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
        5⤵
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27888.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        8⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        8⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        7⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        7⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
        7⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        6⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        6⤵
        
        PID:18164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23052.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        7⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        5⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe
        5⤵
        
        PID:18288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61491.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        7⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        7⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
        6⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        6⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        5⤵
        
        PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe
      4⤵
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30606.exe
        6⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
        7⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        6⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        5⤵
        
        PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
      4⤵
      PID:13112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5615.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16243.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
        8⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        7⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62009.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        6⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        8⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        8⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        8⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        7⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
        7⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
        6⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59580.exe
        6⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
        5⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        6⤵
        
        PID:18144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        5⤵
        
        PID:16764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        5⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        8⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        6⤵
        
        PID:14880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14880 -s 464
        7⤵
        Program crash
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
        6⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47206.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
        6⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
        6⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
        6⤵
        
        PID:17804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13958.exe
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        6⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
        7⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        6⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        5⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        6⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        5⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        5⤵
        
        PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        5⤵
        
        PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
      4⤵
      PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        8⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        8⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        7⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        6⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        6⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        7⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59580.exe
        7⤵
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe
        5⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        6⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        5⤵
        
        PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
      4⤵
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
        6⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        7⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        7⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        6⤵
        
        PID:14028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        5⤵
        
        PID:15432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        5⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54686.exe
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53666.exe
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
        5⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        6⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12442.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        6⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        5⤵
        
        PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
      4⤵
      PID:9960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
      4⤵
      PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
    3⤵
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        6⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        6⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        5⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
        5⤵
        
        PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
      4⤵
      PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
    3⤵
    PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
      4⤵
      PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        5⤵
        
        PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56735.exe
      4⤵
      PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
    3⤵
    PID:8660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
    3⤵
    PID:12664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
    3⤵
    PID:18276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60450.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
        8⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        8⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        7⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
        6⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        7⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46167.exe
        6⤵
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4950.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        7⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        7⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        6⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16190.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63129.exe
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29055.exe
        5⤵
        
        PID:5784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 632
        6⤵
        Program crash
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        6⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        6⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7364.exe
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        5⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        5⤵
        
        PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        6⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        6⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        5⤵
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
      4⤵
      PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
      4⤵
      PID:14964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        6⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        6⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
        5⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        5⤵
        
        PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9740.exe
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
      4⤵
      PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
      4⤵
      PID:3128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3503.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
        6⤵
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
      4⤵
      PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        5⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
        5⤵
        
        PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
      4⤵
      PID:11384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
    3⤵
    PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
        5⤵
        
        PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
      4⤵
      PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
      4⤵
      PID:16228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3007.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe
    3⤵
    PID:11896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe
    3⤵
    PID:4916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
      4⤵
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        6⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        7⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
        6⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        5⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
        5⤵
        
        PID:16848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19569.exe
      4⤵
      PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        6⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        6⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49778.exe
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        5⤵
        
        PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
      4⤵
      PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        5⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38016.exe
        5⤵
        
        PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
      4⤵
      PID:15868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
      4⤵
      PID:6592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
      4⤵
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        5⤵
        
        PID:14672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
      4⤵
      PID:6544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
    3⤵
    PID:8248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
    3⤵
    PID:12300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe
    3⤵
    PID:12992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        6⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        5⤵
        
        PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
        5⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        5⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42116.exe
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
      4⤵
      PID:15324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
      4⤵
      PID:16788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39266.exe
    3⤵
    PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
      4⤵
      PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        5⤵
        
        PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
      4⤵
      PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
      4⤵
      PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
    3⤵
    PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9508.exe
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        5⤵
        
        PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
      4⤵
      PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
    3⤵
    PID:8632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
    3⤵
    PID:12656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
    3⤵
    PID:18060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
    3⤵
    PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        5⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        5⤵
        
        PID:16868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
      4⤵
      PID:6912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
    3⤵
    PID:9544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
      4⤵
      PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
    3⤵
    PID:13276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
    3⤵
    PID:2692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
  2⤵
  PID:5736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
    3⤵
    PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
      4⤵
      PID:6564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
    3⤵
    PID:11368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
    3⤵
    PID:4852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
  2⤵
  PID:7576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
    3⤵
    PID:10872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
    3⤵
    PID:14908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
    3⤵
    PID:5092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51683.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51683.exe
  2⤵
  PID:10504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42379.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42379.exe
  2⤵
  PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5784 -ip 5784
1⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6312 -ip 6312
1⤵
PID:15620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:15372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 15336 -ip 15336
1⤵
PID:15796

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe

Filesize
468KB

MD5
8de75cb5789102191a0728dddeb1ffea

SHA1
df75583ebedd120d17f7ce2d16cbfa42cd4c1fd1

SHA256
7e447ed90f1dcc2ed517645f620719ee7ce69ee381ce3375dd83b7cffbcc7455

SHA512
6595de49f05839493596813bff3129ae40a2d9007aab19f00028c14eca5841235aef293033dccd7697239e5d663b9cf05213420c82597e9513bfb5578ecef82d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe

Filesize
468KB

MD5
0f1ee21f3f7ecaf817bde3f33b60e198

SHA1
e01644f284248a95fa051d86439bbbbeeea8b5b5

SHA256
346235e1c0513db4884bec09acc4a12d4a4da21e74fc536bc9bd95b97de2696a

SHA512
64e34f40f59bbdedd46f1534d404b4881a0c305ad5f8188429b4eab36b5bfa4d148b238042f363d5d4e4f612042e1be919e5cdac704c496c2ca2651886d11d2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe

Filesize
468KB

MD5
3946da63c3fe756cbfb0590ead17a6bf

SHA1
5289f5ec82eb458ff603bf35cddf63877bc93518

SHA256
de4befe592180c21951511e8a0d7903e95736ee7c02ad0a4c920e81c8565a9c1

SHA512
05afd8acf8a7e820acd635ab42bef5db9a024b1a026860ec58734f6270a6ae6f907acc5c8124311949e4e40aacdc674eba41c8e549458386dc8d1182437ad48e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe

Filesize
468KB

MD5
ff674c327bdb9569b26a211fed948aad

SHA1
14df0e876b286bae14819e020ec51b968c2bce31

SHA256
c8c1e77546c14c713718186087e974cf79524098639cfb3e86540cee095e18d8

SHA512
1962990c5155cb6d7a7d860e9289abc8c3aa2bd9ad4db7002795daecd7d6613352b94f9784617b17c933beef1e626a0b98948a69ed7a246e76f443694cf7cafb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe

Filesize
468KB

MD5
b4e247b56bf0aaf8dc2f0ec24ee633ba

SHA1
af0a368db0d647f93cc42d9cb3c6d16b95e633f3

SHA256
b37c5587aceccd16dfcf475764bbe633a8636104814c9b95c6fc05121369e64c

SHA512
415ab6c2ccd4ade214a4c409f635e52bcf576ec890035e4b0eecfc6efb58375ca8925f169e7881a7642a099767920aeaddd586f3fc72595e78782b59de8a0d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe

Filesize
468KB

MD5
d2e41c0c9844d02cb500fc0e6d359a26

SHA1
795c0c60ab8c470b6969d8f4eef81f5c10c0bd6c

SHA256
64b7928465e93994a3ddbec1583155df36fad18d63261a9528a4b810eb398453

SHA512
03dd7c3202d5b72c434b6bbd7099e3b956314feb2b254448d9dfcec0917d53f198dd277e6f06563cf9bc7432c175fb9929979f61865a36725f5a0258c63f51e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe

Filesize
468KB

MD5
35637672b44db1f319e99fcbec92a679

SHA1
2579a41128aba868ce3ee2280a02599a52e8b7fb

SHA256
4ab40c89479e46bbbccc1a0696126a68a0eb7f40d47d4a94df4314ecdde001c5

SHA512
481ace6e8e0d0ee551316495330de44453cccdc703341969531da83c08d6bb8909b876a51432621232435f55de9cf68d08381857f4cf31adee56ae2022c5f66d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe

Filesize
468KB

MD5
186f63d502b8edf01750e4ac68bb1467

SHA1
9762e14126ed48a3c14f9929c57b9e6d75cf5ba9

SHA256
7b4ef432d0707a6ecfe59066d9138acb9ecab1a373655a1b9944ab11dbd08470

SHA512
7d2b4b83ecfd9902bcb521431cf2831941fc086fa1cdf2f7854a3653043e1974e4f22d0763e3a07af8f79f33ad5ba126fad8f2606eb4a458bd933f8ef705b3c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe

Filesize
468KB

MD5
8cdb09cad0bad4a0b2d03d2a7d1a5a3c

SHA1
ec066323871804c15ce80703c1acd0bf3cb3b07a

SHA256
6274ee10665170f24967ec59cb5d25bd845a0a097b8250f83d58f2aec66e0a15

SHA512
81a23490692a8986ed6b3cb48ae419eb92ff01e88c963442b52514cd54bf320d27c8cf14733e5c7abbcbd52bc9e3491b95bbac69c6f7a1461d284c03fdf87679

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe

Filesize
468KB

MD5
421eea0a962403b856241b57ee4311ee

SHA1
60b239fa79c67938e7c9caca84a0a9f0fcc1cfb9

SHA256
1d46f17958c14d09201f5a3ccba0381ca48bc7277c61276a1dec45aba9c0efc0

SHA512
c2c70d146ce0cb09b8440a6c71556069428b3c5d8e3de2d140baea56358730204686d78489ae8ec0d6163cc910f7d386c07aac1c958b4d5c57b33deefa2ee925

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe

Filesize
468KB

MD5
a318bac4c136642b8c5ecfe24ad36409

SHA1
7990f2492061d7f2f572b0918ffb2a9ba1ee048f

SHA256
ea77256083af236e10c08864fead1f844e948c0ebc6ca815f0597eedf6ff59f4

SHA512
57041e864b79700670d94b1fc528db4b1566558c3cc156dfa70a9809c2fb139985e766ebada591e65d4c89503d67eb44cc8e4ea5020b09c14cf019200c6a4051

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe

Filesize
468KB

MD5
812eba5d25a63c18c9fbf93d312b04d8

SHA1
7f0194bc1695384f60bc48656b733bede8e28012

SHA256
0f68fe61dd67c7e64c20eacc3fd52bc04600fb2c15ab5a10d27c653a5783e895

SHA512
7211c55a2bff79ab0a3875731ce098d78f863748c7d817064d60e21a4e31d0476c92b39b8e40635cdc12ed349d2c5a8b8c03d9b8b7ab7effea5da479b2d630c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe

Filesize
468KB

MD5
f262ad1de90f0550aa9402b7d8cc1ff3

SHA1
53f95cf7917ad12f8ac35826b421e883fb1c5521

SHA256
3e700d19b27757d7d8f40767467421ff6cbbabf870ef1805a079ce05945c661b

SHA512
1e92dc0cfa53ae38d34caa7e0759d26d52645b262b511aa812aa078eb642c393b5a73a6f046e69ed01c4b032c3ccc1bdbeacda6306d8f62f9a51502e2bc70120

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe

Filesize
468KB

MD5
34b0ecfeba6a8db5cc6489539b9e8daf

SHA1
be29a88ff29959742aed46121820a7e647f7d63c

SHA256
544ceedb94aa2ed821dd39c4181c253965cf3d6bea3dd09ff6274ad43c549d0f

SHA512
a6463afb05b361d118eb3d5c6ce019ff12bac57dbd118654517655832b09924cffe0ee0fd91762b1f700428a0bf33063c6189f489628f22e86fc04f877746ba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe

Filesize
468KB

MD5
e7096b2e8e930083c935c1a4becc1e8c

SHA1
7af2fbb0236cb96c4cd69c893e9dbb62cfe13791

SHA256
cfaefb19a2398e7bbff6330de03405e5d49a16a4133c6298b1b54d3bd67d7c8a

SHA512
bef6bdcfe762c60d46d1ed213774d91b089c445c8c6750ca67337a8184960b2db02853adeafa12ee4167d306a2b55912d823ad0c0b44494cbad9b9d41d272de8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe

Filesize
468KB

MD5
0e547aa9d9bd4dc9702cfa3a8bb5ad82

SHA1
9255150b3748ef0fb45a5ea3dd849660f18857ee

SHA256
45a168cd13d3ccbb358f300394ec298dec94ddb4d999fe37cc4690e3b6266049

SHA512
2c5dbcf89ed658f5cd4c1373e3ebe75b9b5e018d7276cc1ebedfccc568778f3f6937239e98f2ac619a5119c7c76e42757093fdf5fd02174c93f25b84d037d32e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe

Filesize
468KB

MD5
c0bda019416b226b2892a1cbf884e520

SHA1
8500b0036ccef330cf7be51f2f2faee880fe239b

SHA256
e6256091fe1f80e76ad3a41d61cb626d3807c44d95d87bf95288f86f66c94b69

SHA512
8d445fa5f752e2c66f3dd8acc0f20683de5b3b1ad6bb5a9965d6e03819a877530b668276566b827648131f348ac135c7bbae75c7cf5cf30808ce7249ed219c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe

Filesize
468KB

MD5
4b362dca3a82fd9f483df21508b78178

SHA1
02ad3757d3273596681797d04ce93bc932066bea

SHA256
0c8d725e8bbc053cdef8dd76e02cdef59c5e6d6111526a9a6d0bc319c85b1c47

SHA512
a75be8b1f234ac83c30c14fa1f517ce519ed443e98bb01b28a62ec242c51a9dee156ff6038d13c5cecf90452ebcefece17f90556a27c41a85000178ccb11a656

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe

Filesize
468KB

MD5
56d43bbd31438de04a938c0661cb1745

SHA1
7036ba855d18fa34856a624e15b88cfdbf5e2ca7

SHA256
57854b179f447967faae403d3a78d8fb1441ab64a737f066023b265c80fce935

SHA512
ba3380615999b4d0569d56697b452a5f74f5ac248fbf3834819390e0e24a0b6cd1f1896eefd4a7164909a99db6065e873829870a4b6dbfd52a0c28b104536153

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe

Filesize
468KB

MD5
4a5b4e6bb717e41d274d5765f8c8526f

SHA1
c8dbacdcb84ca63dca55a68fef86fc4e0c83b261

SHA256
8fd26194e5e8ea4857c92910f031bbe514491351f972c9ef7d358ee9ff4e7ed4

SHA512
20ea87701b5e6f5526e97e783b59e0bedd266d5385feeb7e9e15f6bb26a6f361b7f6277de21a40121f4b9a3bad7dc2f3656829e4700767660f7060be74aaebc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe

Filesize
468KB

MD5
c278edae41fdbbfafde5411f281e7878

SHA1
554ecefda7f3fe91b7a11be6eb271b85f78784d8

SHA256
b645d72c59a7d0b2825a89a021b9a135d8c29349bbbf14215d26704601f64124

SHA512
8ac5937002e548bcd85a9d9538648ae9f00fe803ca783d8a02f00a3c83bf08e42bb9e86977a30b107d729f0dd8d05931b1a5feaf6efa8b270e0e475be0ad7918

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe

Filesize
468KB

MD5
62b8e967ba96b5da94dd6e0afea3668a

SHA1
f02ccef44333b9a63b8c7d6f35b0060f9f6e8c1c

SHA256
904020791112d2174cdb4bc287e3af7282acb4d7192b34b72ee09c5038f2e83f

SHA512
37883f80a420cf6d4bd052d860b5cd6536cacbd9506db8702e4febefd6ac40611bd3eab328ec3b4a57445a023b265d2a411a0d642c64840d0c0bfe0cc0d23f5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe

Filesize
468KB

MD5
688ae9a6f1353b1e91d8854abbaf4a59

SHA1
226bd8ec76f0b93f1f6896334d681fdd62d400c0

SHA256
30f92d0a8508f58ec0e86415015dc39d742bd650416f53765c1c15e56232cae6

SHA512
9dadc7672b8b389876162d11330808a97543e5dea976004a8f86e7665a1bb4c0d53c3f4a8793a39e47c38cc38499a93f3e5c135bec8b80225f04509ae19955d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60450.exe

Filesize
468KB

MD5
342b76815495d8b49859cd57a991af77

SHA1
4e2d19d792cf093bc15e7782ffa2ea9808ae0b43

SHA256
f10c88e13a28f50dc7177e446eb732e097a8d5f2a976e0ece9d9fe8a63f603d1

SHA512
d1a84248c832d104781700bab8d7bc5a6973761522b480e52bd1d11d12edd10e352ee6bf35f5710ba9df2888f60133fa05e16380648b7d81040c164aa64ab217

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60793.exe

Filesize
468KB

MD5
1f030c92663325ffea71ebbd1258a5d3

SHA1
44e2aeebb7057ec7d6adbe8e25e5263ee4f4d6dd

SHA256
5042814419db5adb17e95bd764f376d7db1291e408dcc4ffb0ec75155ed8ac8f

SHA512
7bf15063a57a03a6128cfb8f4d06158284e4cffd7484b9d1abae4dbb3faa2ed90a8b4a85b2c72671bb866a7b29b5ac65e673ff113cdc29ee7d447cccfa5ba991

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe

Filesize
468KB

MD5
656ad18992e60ed3de57e0c89d014042

SHA1
d07c1864a931bdbf7ea61ebf3695beae11979bfa

SHA256
8f49183e56e5be3fb6221aacd3edc0ef0aba00d05e823f13f2a111cee8e3c1b8

SHA512
b28304a36380864c63fb6c350782a37c8c73d92aa4481b74dd5c7ab73efa87123e2165d3e9762e85227f6b140e37d98cd3cdd8dc8fed0b0e9ee064fdcc97ac1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe

Filesize
468KB

MD5
dc72b04810dc5b4bd63f0b1797493836

SHA1
1a0d25a64a7375278cf5577b860d9bf0252eb446

SHA256
de48331da92fb8bc2cba5d9f708e5e6b83f72b0a51635d55480dc3d4bb216b9a

SHA512
771a393e776dd5f94ec79ef7aa525daa98cbfd45ebb03567d9c524b5a25d6d8c2b8c681612f61364ece3eab8f68ceea1da82204389ee3f5be68d3b4cccd1c4f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe

Filesize
468KB

MD5
0c616237bb4763a7f622b312b58f9eed

SHA1
53709544799f7c0cd16fd45130dcb7d4591e5a76

SHA256
fb9634499a5adf04c914f19cefb450b0d364f42b443ad974a01c5505e7ba2b15

SHA512
be9bd36ed0b080ad1c738bc9548ea6153c3edbece49993ef94141e0f52dd17683fd44b99c6e00d782791f5698234d584304f0494eebbbe26e75ec3b11cccb7d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe

Filesize
468KB

MD5
4daa39e7aa026923f61862732fb9d7fb

SHA1
c58edad09d3833e810e9cf64930de576c2293b0a

SHA256
874e1fb090fd575caa1c69cddc523ebb3bb7fb8dd5e8ba05be4319154eb90cb3

SHA512
de3e815633b8da5da5772603faaa30f8734d4bb72f80271d7791328561d2a48a7064a96cf5bf9daadeb5c3befdd24cc755b3cbf7592ad50465414dec93a086a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe

Filesize
468KB

MD5
2217911319eef55b0c93c7e766ca00a0

SHA1
f8d0c6536fcf725c1f4b7213dc2d20abe55ca098

SHA256
6c31945f13d3b8e8cd7053e9f4d5c111d5dff2bcb62fa941dade71a46b292bf8

SHA512
1680f3748415cab226785a91f88647938bd1844da974c7e104405892d3270b22fc48800c6317b7c7eeb568aba67e10b4528f81633d9ea103d2d9655ca7224327

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe

Filesize
468KB

MD5
50ffde2170522187b8ef827d3378bda2

SHA1
e2d5ade3d36ea683502cc79d7c57fb518bfe95e0

SHA256
3b099733ccf0c7b341917d4ec0d1899e9dc14b7e083538afafddf0fd15b0d0f4

SHA512
4bf92628c342a8f4d46f38851a6a43b1be88a0993b17a47a8dcd79e593626a719ecd449f4725a3be90b6aebd9b6caf287106c71ef86edf1eaaaa16bb3bddea97

Download Submit
memory/320-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/368-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/404-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/516-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/552-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/648-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/708-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/728-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/756-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/836-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/944-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/968-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/976-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1060-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1132-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1340-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1532-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1576-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1584-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1588-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1812-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1824-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1952-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1968-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2036-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2092-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2208-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2232-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2324-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2528-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2568-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-113-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2884-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2912-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3168-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3180-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3344-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3408-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3416-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3452-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3752-94-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3840-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3844-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3864-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3900-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3916-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3956-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4172-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4204-430-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4216-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4228-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4240-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4252-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4324-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4372-152-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4412-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4432-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4440-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4544-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4552-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4556-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4668-454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4676-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4720-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4748-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4756-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4768-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4944-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4956-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4972-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5172-468-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5216-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5264-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5268-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5300-507-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5356-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5376-508-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5392-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5404-541-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5440-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5456-523-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5504-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5520-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5568-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5592-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5600-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12620-2562-0x00007FF85B730000-0x00007FF85B789000-memory.dmp

Filesize
356KB

Download
memory/13336-2788-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15092-2510-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15824-2750-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads