d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87

Analysis

max time kernel
118s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe
Size

468KB
MD5

cc54eef39d161c5781bab6d734440880
SHA1

5a8cec620a77a224b14284f9a6dbfda32e69175c
SHA256

d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87
SHA512

38fda6adc2e73f1f54b8c9b0a5d9e348944edbf98b4ec2acc28d4839a7a2ebb77133eef17f870bbc0216ea65c094f4580caa27e002c7d593d23f25ab343ebda7
SSDEEP

3072:EYgiogIyb45BtbYtPzqjQf8/ECObZnpgnmHhQEhrHsBM0VEWHdED:EY1ok4BtiP+jQfhpVbHsu8EWH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4344	Unicorn-36378.exe
1680	Unicorn-53586.exe
2164	Unicorn-25552.exe
1452	Unicorn-48018.exe
4516	Unicorn-48018.exe
2560	Unicorn-14368.exe
3232	Unicorn-57810.exe
3388	Unicorn-60026.exe
2504	Unicorn-15656.exe
1252	Unicorn-43882.exe
3360	Unicorn-43882.exe
1212	Unicorn-24208.exe
2828	Unicorn-44074.exe
1808	Unicorn-37944.exe
4128	Unicorn-43809.exe
3780	Unicorn-37354.exe
4272	Unicorn-9320.exe
3524	Unicorn-9834.exe
316	Unicorn-26040.exe
3436	Unicorn-54074.exe
4248	Unicorn-46098.exe
1824	Unicorn-15271.exe
2772	Unicorn-18313.exe
2032	Unicorn-29762.exe
1420	Unicorn-11225.exe
516	Unicorn-11225.exe
4164	Unicorn-56897.exe
3728	Unicorn-2295.exe
2672	Unicorn-56897.exe
2272	Unicorn-5095.exe
4920	Unicorn-11225.exe
1576	Unicorn-10898.exe
4592	Unicorn-19896.exe
1068	Unicorn-48122.exe
3692	Unicorn-56128.exe
1004	Unicorn-13057.exe
1696	Unicorn-4816.exe
3600	Unicorn-59435.exe
640	Unicorn-5273.exe
668	Unicorn-59627.exe
3720	Unicorn-56704.exe
5052	Unicorn-13633.exe
4964	Unicorn-57961.exe
4156	Unicorn-784.exe
1536	Unicorn-61682.exe
3204	Unicorn-29010.exe
3128	Unicorn-20842.exe
2784	Unicorn-4505.exe
3620	Unicorn-50177.exe
3352	Unicorn-29202.exe
2892	Unicorn-21034.exe
4792	Unicorn-53136.exe
2896	Unicorn-62066.exe
4916	Unicorn-12865.exe
3596	Unicorn-16631.exe
4376	Unicorn-2896.exe
4404	Unicorn-63529.exe
2324	Unicorn-43929.exe
1640	Unicorn-38328.exe
4704	Unicorn-7961.exe
844	Unicorn-42449.exe
2276	Unicorn-24106.exe
4984	Unicorn-59008.exe
4432	Unicorn-17666.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
5712	3204	WerFault.exe	134
5624	3352	WerFault.exe	138
9420	9012	WerFault.exe	409
388	6996	WerFault.exe	268
14344	6852	WerFault.exe	259
14848	6968	WerFault.exe	265
14836	6996	WerFault.exe	268
14828	7004	WerFault.exe	269
2116	6860	WerFault.exe	260
14940	6968	WerFault.exe	265

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54872.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4120	dwm.exe
Token: SeChangeNotifyPrivilege	4120	dwm.exe
Token: 33	4120	dwm.exe
Token: SeIncBasePriorityPrivilege	4120	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe
4344	Unicorn-36378.exe
1680	Unicorn-53586.exe
2164	Unicorn-25552.exe
1452	Unicorn-48018.exe
4516	Unicorn-48018.exe
2560	Unicorn-14368.exe
3232	Unicorn-57810.exe
3388	Unicorn-60026.exe
1252	Unicorn-43882.exe
2504	Unicorn-15656.exe
1808	Unicorn-37944.exe
4128	Unicorn-43809.exe
2828	Unicorn-44074.exe
1212	Unicorn-24208.exe
3360	Unicorn-43882.exe
3780	Unicorn-37354.exe
4272	Unicorn-9320.exe
3524	Unicorn-9834.exe
316	Unicorn-26040.exe
1824	Unicorn-15271.exe
3436	Unicorn-54074.exe
4248	Unicorn-46098.exe
2772	Unicorn-18313.exe
3728	Unicorn-2295.exe
2032	Unicorn-29762.exe
516	Unicorn-11225.exe
2272	Unicorn-5095.exe
1420	Unicorn-11225.exe
4920	Unicorn-11225.exe
4164	Unicorn-56897.exe
2672	Unicorn-56897.exe
1576	Unicorn-10898.exe
4592	Unicorn-19896.exe
1068	Unicorn-48122.exe
3692	Unicorn-56128.exe
1004	Unicorn-13057.exe
1696	Unicorn-4816.exe
3600	Unicorn-59435.exe
640	Unicorn-5273.exe
668	Unicorn-59627.exe
3720	Unicorn-56704.exe
5052	Unicorn-13633.exe
4156	Unicorn-784.exe
1536	Unicorn-61682.exe
3352	Unicorn-29202.exe
2892	Unicorn-21034.exe
3128	Unicorn-20842.exe
3204	Unicorn-29010.exe
3620	Unicorn-50177.exe
4964	Unicorn-57961.exe
2784	Unicorn-4505.exe
4376	Unicorn-2896.exe
4792	Unicorn-53136.exe
4404	Unicorn-63529.exe
4916	Unicorn-12865.exe
3596	Unicorn-16631.exe
2324	Unicorn-43929.exe
1640	Unicorn-38328.exe
2896	Unicorn-62066.exe
844	Unicorn-42449.exe
4704	Unicorn-7961.exe
4432	Unicorn-17666.exe
2276	Unicorn-24106.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 4344	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	84
PID 2184 wrote to memory of 4344	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	84
PID 2184 wrote to memory of 4344	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	84
PID 4344 wrote to memory of 1680	4344	Unicorn-36378.exe	87
PID 4344 wrote to memory of 1680	4344	Unicorn-36378.exe	87
PID 4344 wrote to memory of 1680	4344	Unicorn-36378.exe	87
PID 2184 wrote to memory of 2164	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	88
PID 2184 wrote to memory of 2164	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	88
PID 2184 wrote to memory of 2164	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	88
PID 1680 wrote to memory of 1452	1680	Unicorn-53586.exe	92
PID 1680 wrote to memory of 1452	1680	Unicorn-53586.exe	92
PID 1680 wrote to memory of 1452	1680	Unicorn-53586.exe	92
PID 2164 wrote to memory of 4516	2164	Unicorn-25552.exe	93
PID 2164 wrote to memory of 4516	2164	Unicorn-25552.exe	93
PID 2164 wrote to memory of 4516	2164	Unicorn-25552.exe	93
PID 2184 wrote to memory of 2560	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	95
PID 2184 wrote to memory of 2560	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	95
PID 2184 wrote to memory of 2560	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	95
PID 4344 wrote to memory of 3232	4344	Unicorn-36378.exe	94
PID 4344 wrote to memory of 3232	4344	Unicorn-36378.exe	94
PID 4344 wrote to memory of 3232	4344	Unicorn-36378.exe	94
PID 1452 wrote to memory of 3388	1452	Unicorn-48018.exe	96
PID 1452 wrote to memory of 3388	1452	Unicorn-48018.exe	96
PID 1452 wrote to memory of 3388	1452	Unicorn-48018.exe	96
PID 1680 wrote to memory of 2504	1680	Unicorn-53586.exe	97
PID 1680 wrote to memory of 2504	1680	Unicorn-53586.exe	97
PID 1680 wrote to memory of 2504	1680	Unicorn-53586.exe	97
PID 4516 wrote to memory of 3360	4516	Unicorn-48018.exe	99
PID 4516 wrote to memory of 3360	4516	Unicorn-48018.exe	99
PID 4516 wrote to memory of 3360	4516	Unicorn-48018.exe	99
PID 3232 wrote to memory of 1252	3232	Unicorn-57810.exe	98
PID 3232 wrote to memory of 1252	3232	Unicorn-57810.exe	98
PID 3232 wrote to memory of 1252	3232	Unicorn-57810.exe	98
PID 2560 wrote to memory of 2828	2560	Unicorn-14368.exe	100
PID 2560 wrote to memory of 2828	2560	Unicorn-14368.exe	100
PID 2560 wrote to memory of 2828	2560	Unicorn-14368.exe	100
PID 2164 wrote to memory of 1212	2164	Unicorn-25552.exe	101
PID 2164 wrote to memory of 1212	2164	Unicorn-25552.exe	101
PID 2164 wrote to memory of 1212	2164	Unicorn-25552.exe	101
PID 4344 wrote to memory of 1808	4344	Unicorn-36378.exe	103
PID 4344 wrote to memory of 1808	4344	Unicorn-36378.exe	103
PID 4344 wrote to memory of 1808	4344	Unicorn-36378.exe	103
PID 2184 wrote to memory of 4128	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	102
PID 2184 wrote to memory of 4128	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	102
PID 2184 wrote to memory of 4128	2184	d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe	102
PID 1252 wrote to memory of 3780	1252	Unicorn-43882.exe	104
PID 1252 wrote to memory of 3780	1252	Unicorn-43882.exe	104
PID 1252 wrote to memory of 3780	1252	Unicorn-43882.exe	104
PID 3232 wrote to memory of 4272	3232	Unicorn-57810.exe	105
PID 3232 wrote to memory of 4272	3232	Unicorn-57810.exe	105
PID 3232 wrote to memory of 4272	3232	Unicorn-57810.exe	105
PID 3388 wrote to memory of 3524	3388	Unicorn-60026.exe	106
PID 3388 wrote to memory of 3524	3388	Unicorn-60026.exe	106
PID 3388 wrote to memory of 3524	3388	Unicorn-60026.exe	106
PID 1452 wrote to memory of 316	1452	Unicorn-48018.exe	107
PID 1452 wrote to memory of 316	1452	Unicorn-48018.exe	107
PID 1452 wrote to memory of 316	1452	Unicorn-48018.exe	107
PID 2504 wrote to memory of 3436	2504	Unicorn-15656.exe	108
PID 2504 wrote to memory of 3436	2504	Unicorn-15656.exe	108
PID 2504 wrote to memory of 3436	2504	Unicorn-15656.exe	108
PID 1680 wrote to memory of 1824	1680	Unicorn-53586.exe	109
PID 1680 wrote to memory of 1824	1680	Unicorn-53586.exe	109
PID 1680 wrote to memory of 1824	1680	Unicorn-53586.exe	109
PID 1808 wrote to memory of 4248	1808	Unicorn-37944.exe	110

C:\Users\Admin\AppData\Local\Temp\d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe
"C:\Users\Admin\AppData\Local\Temp\d8a5fe18746626959511f58e52a98a3c60224527d3b5ad3556fc75b0386aaa87N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        9⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62002.exe
        10⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        10⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        10⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        10⤵
        
        PID:18328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
        9⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        9⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        9⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        9⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        10⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        10⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        10⤵
        
        PID:18132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        9⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        9⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        8⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        9⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 636
        9⤵
        Program crash
        
        PID:388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 636
        9⤵
        Program crash
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        8⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
        8⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        8⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40883.exe
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        7⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
        9⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        9⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
        9⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        9⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        8⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        8⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        8⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        8⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        7⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
        7⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        8⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 596
        8⤵
        Program crash
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        7⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        7⤵
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1167.exe
        6⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24192.exe
        7⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        7⤵
        
        PID:16880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        7⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
        6⤵
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        6⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        6⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        8⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        8⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        8⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
        8⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49355.exe
        7⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        7⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        6⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56834.exe
        8⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 664
        8⤵
        Program crash
        
        PID:14848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 664
        8⤵
        Program crash
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        7⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        7⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        6⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        7⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
        7⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
        6⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34196.exe
        6⤵
        
        PID:18164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        8⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        6⤵
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
        6⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        5⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        6⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        6⤵
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        6⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        6⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        6⤵
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        6⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62489.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        5⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        5⤵
        
        PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        8⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        9⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 404
        10⤵
        Program crash
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        9⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
        9⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        9⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        8⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        8⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        7⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        7⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9949.exe
        7⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        7⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63201.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26013.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        8⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        8⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49275.exe
        8⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37248.exe
        7⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61087.exe
        7⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        6⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        7⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34454.exe
        6⤵
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
        6⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        7⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47120.exe
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        8⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        8⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
        8⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        7⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        8⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        8⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24770.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        7⤵
        
        PID:18364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51456.exe
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        6⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        7⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        7⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52241.exe
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
        6⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        6⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        6⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        6⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        5⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        5⤵
        
        PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        5⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        7⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        6⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30636.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        6⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        6⤵
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62033.exe
        5⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        5⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
        5⤵
        
        PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
      4⤵
      PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51785.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
        6⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11974.exe
        5⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
        5⤵
        
        PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43022.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        5⤵
        
        PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
      4⤵
      PID:13744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
      4⤵
      PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
      4⤵
      PID:16560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43882.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42770.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        9⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        9⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        9⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        9⤵
        
        PID:18288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        8⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        8⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        8⤵
        
        PID:18092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        8⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        8⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
        8⤵
        
        PID:18036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        8⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        8⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        8⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        7⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        9⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        8⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        8⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        8⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
        8⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
        7⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
        7⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
        7⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        7⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        7⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
        6⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
        6⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
        6⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47318.exe
        8⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8220.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        7⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
        8⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        8⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        8⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        7⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        7⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
        6⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
        7⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        7⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46953.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        6⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
        5⤵
        Executes dropped EXE
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57899.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        7⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
        7⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        7⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30225.exe
        6⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        5⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        6⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        5⤵
        
        PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57899.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11088.exe
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        8⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        8⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        8⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56314.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        8⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        8⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        7⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5162.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
        7⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
        6⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
        5⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        8⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 636
        8⤵
        Program crash
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        7⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        6⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        7⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        7⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        6⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        6⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        6⤵
        
        PID:18380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        7⤵
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        6⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
        6⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16241.exe
        5⤵
        
        PID:18028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        5⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        7⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30200.exe
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        6⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        6⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
        6⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        7⤵
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        6⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        6⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        6⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        5⤵
        
        PID:18296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
      4⤵
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18298.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        7⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
        6⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        6⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        5⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        5⤵
        
        PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-730.exe
        5⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        5⤵
        
        PID:17996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
      4⤵
      PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
      4⤵
      PID:11464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
      4⤵
      PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
      4⤵
      PID:8488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        6⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        8⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        8⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37059.exe
        8⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33643.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
        8⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        8⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        7⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        7⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25482.exe
        7⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62002.exe
        7⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        7⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        6⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
        5⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        7⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe
        8⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        7⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        7⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        7⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        7⤵
        
        PID:18280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        6⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12813.exe
        6⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
        5⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        6⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe
        6⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        6⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        5⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        7⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        7⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        6⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        7⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
        7⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        6⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        5⤵
        
        PID:17304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        5⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        6⤵
        
        PID:17128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        6⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44141.exe
        5⤵
        
        PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        5⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        5⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        5⤵
        
        PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58372.exe
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
      4⤵
      PID:14904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
      4⤵
      PID:8760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
        7⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        7⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
        7⤵
        
        PID:18052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
        6⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        6⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
        5⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        6⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46434.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47318.exe
        5⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        5⤵
        
        PID:18084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        6⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe
        5⤵
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        5⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe
        5⤵
        
        PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
      4⤵
      PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
      4⤵
      PID:8576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53136.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65434.exe
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        6⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
        6⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        5⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        5⤵
        
        PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26307.exe
        5⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
      4⤵
      PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
      4⤵
      PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
      4⤵
      PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
    3⤵
    PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
      4⤵
      PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        5⤵
        
        PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
      4⤵
      PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
      4⤵
      PID:18044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
    3⤵
    PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
      4⤵
      PID:17012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
      4⤵
      PID:9244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
    3⤵
    PID:10012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
    3⤵
    PID:13540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
    3⤵
    PID:17228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
    3⤵
    PID:7348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43882.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        9⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        9⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        9⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54337.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3516.exe
        9⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        9⤵
        
        PID:18140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        8⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30636.exe
        8⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        8⤵
        
        PID:18116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        8⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        7⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52886.exe
        7⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        6⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        7⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
        8⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43274.exe
        7⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38085.exe
        7⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8209.exe
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
        7⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        7⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
        5⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46748.exe
        8⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
        6⤵
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5304.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        6⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
        6⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        5⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        5⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44379.exe
        5⤵
        
        PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        6⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        8⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
        7⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
        7⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        6⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
        6⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        6⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53346.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35410.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        5⤵
        
        PID:18372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        6⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42136.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
        6⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        6⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        6⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        5⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        5⤵
        
        PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
      4⤵
      PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
      4⤵
      PID:10912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
      4⤵
      PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
      4⤵
      PID:1488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        6⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        7⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
        7⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        6⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        7⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53462.exe
        6⤵
        
        PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
        7⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 640
        7⤵
        Program crash
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
        6⤵
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
        6⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        6⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65354.exe
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40224.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        5⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
        6⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        7⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        7⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        6⤵
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        6⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53003.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52969.exe
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
      4⤵
      PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
      4⤵
      PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe
      4⤵
      PID:17956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12865.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
        7⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        6⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        6⤵
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        5⤵
        
        PID:16268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43897.exe
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        5⤵
        
        PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
      4⤵
      PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        5⤵
        
        PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
      4⤵
      PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
      4⤵
      PID:212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63529.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
      4⤵
      PID:520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        7⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        7⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        6⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
        6⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
        5⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        5⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        5⤵
        
        PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        5⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        5⤵
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
      4⤵
      PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44871.exe
      4⤵
      PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
      4⤵
      PID:13444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
      4⤵
      PID:16968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
      4⤵
      PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
    3⤵
    PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61250.exe
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43022.exe
      4⤵
      PID:16224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
    3⤵
    PID:10164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
    3⤵
    PID:13736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe
    3⤵
    PID:18020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 716
        6⤵
        Program crash
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57421.exe
        7⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17963.exe
        6⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        6⤵
        
        PID:17248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63201.exe
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
        5⤵
        
        PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        6⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27445.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
        7⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47318.exe
        6⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        6⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        5⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        6⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        5⤵
        
        PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
      4⤵
      PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        5⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        5⤵
        
        PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
      4⤵
      PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
      4⤵
      PID:8016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 636
        5⤵
        Program crash
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        6⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63478.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50601.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38085.exe
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
      4⤵
      PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
      4⤵
      PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
      4⤵
      PID:17220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
    3⤵
    PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        5⤵
        
        PID:15144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
      4⤵
      PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
      4⤵
      PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
      4⤵
      PID:15212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
    3⤵
    PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
      4⤵
      PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
      4⤵
      PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
    3⤵
    PID:9048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
    3⤵
    PID:11796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
    3⤵
    PID:15368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
    3⤵
    PID:18004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
      4⤵
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55315.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        7⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
        6⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        6⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        6⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        5⤵
        
        PID:18100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
        5⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        5⤵
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
      4⤵
      PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
      4⤵
      PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
      4⤵
      PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
      4⤵
      PID:8728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
    3⤵
    PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        5⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        5⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
        5⤵
        
        PID:14840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
      4⤵
      PID:11496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
      4⤵
      PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43677.exe
      4⤵
      PID:18304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5977.exe
      4⤵
      PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12433.exe
      4⤵
      PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
      4⤵
      PID:1876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
    3⤵
    PID:8976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
    3⤵
    PID:18076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
      4⤵
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6953.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        5⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62623.exe
        5⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        5⤵
        
        PID:7440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        5⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
        5⤵
        
        PID:17972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
      4⤵
      PID:10692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
      4⤵
      PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
      4⤵
      PID:5460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43897.exe
    3⤵
    PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
      4⤵
      PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
      4⤵
      PID:15388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
      4⤵
      PID:18352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
    3⤵
    PID:8892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34447.exe
    3⤵
    PID:11812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
    3⤵
    PID:15316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
    3⤵
    PID:9136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        5⤵
        
        PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
      4⤵
      PID:12304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
      4⤵
      PID:17144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
    3⤵
    PID:4144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
    3⤵
    PID:10732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
    3⤵
    PID:12972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
    3⤵
    PID:8604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
    3⤵
    PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
      4⤵
      PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
      4⤵
      PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
    3⤵
    PID:11360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
    3⤵
    PID:1728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
  2⤵
  PID:8304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
    3⤵
    PID:8644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
  2⤵
  PID:11512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
  2⤵
  PID:15680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
  2⤵
  PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3352 -ip 3352
1⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3204 -ip 3204
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 9012 -ip 9012
1⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6996 -ip 6996
1⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6852 -ip 6852
1⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7004 -ip 7004
1⤵
PID:14352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6996 -ip 6996
1⤵
PID:14640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6968 -ip 6968
1⤵
PID:14716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6980 -ip 6980
1⤵
PID:14960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 6980 -ip 6980
1⤵
PID:14988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6088 -ip 6088
1⤵
PID:15036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6088 -ip 6088
1⤵
PID:14864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6988 -ip 6988
1⤵
PID:15580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6988 -ip 6988
1⤵
PID:16220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6860 -ip 6860
1⤵
PID:16512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6860 -ip 6860
1⤵
PID:16964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6968 -ip 6968
1⤵
PID:17376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7004 -ip 7004
1⤵
PID:15260

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe

Filesize
468KB

MD5
2d0eedf51691160b7858317789f3f51e

SHA1
adfaf22944ac928148d0e11b8f3c97ab49fb63f3

SHA256
2d92a2aa5f79c1530f75db6f45e17adfb73791c459e061b85dda06b4153436ad

SHA512
648b55f83e4e38aedb51204585a871c4dae943e4db2ce834709bb8a74b74b46d6c0660618cde017f12ef294277ed89f60d7a817604838dc8dfedd73ef8dc716d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe

Filesize
468KB

MD5
fe59b80344d11582b5f9248e84bf74b2

SHA1
a791f221cc90d157986a3b9fca289028c078d99d

SHA256
08d555e412f84f9beb28a10adefd91e66c66c2faea468dcb59784f0b09301e72

SHA512
14049c07b28bd02f95311d4ffa7eef05758d4e6266a39eb71bbf60db7d469ca8c07b1883a3016f1842b068bbee62cad04b296a5101de169946766634dee7abd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe

Filesize
468KB

MD5
d3d04bcb9db5a83dfab1d8ff5c2b5a00

SHA1
11d2d884ac24c64cec55c9d7dca5c1b1d4a03cc2

SHA256
4420b0a5d0759835bc98d221a294835363dfb45c61d87ce8cf834773f92f32f4

SHA512
9c7d5004cc867955ced7694955097f229d106b1c7cfff2cd07ae3cf1cd0f388ce1a135f23dadf4e17cb190f939ecca762d23fd22588404b691980ce9fad81771

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe

Filesize
468KB

MD5
f33d119a7b2641c8e8e848bda629e487

SHA1
754d94d083d50ee6e76454ea8811b799d4632c48

SHA256
bd46c1029c0f632df19c00ab79d251a0414c3ef6b0dfd4537fe226c32023c8eb

SHA512
0ec931172010b924ca3e88a4848f78dff3013c907276ec3609f3f186f26c51d170c871c4a43ca0a412ebaf27c1e65320276bfed9f3dfd56a6f5bf50fe1c19ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15656.exe

Filesize
468KB

MD5
f990cfeb4d5dfe1ca18fe12b0f363c70

SHA1
b3e4375f4bde98ce803de7669d8838305644ec5c

SHA256
8fd214347c9d87d8ce139d177792efe40d7abd05c4db6bf5520360e132965a9b

SHA512
6895ff411b073786a00ca40fb53b38b480154501909b99fe0bc4fc947f54f10eaa0dbdebc79623e63dd80ed67187c20a8a0df04ac60cecc0fb5f32dd91f21adf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe

Filesize
468KB

MD5
28dc92c69df179817452550262c724f5

SHA1
1f6091912025198b51550fbecb034c13251c2140

SHA256
128204f680aa0227da3a30224125a6737b0c07dbe49597b452a7c05037792b67

SHA512
805ec1f230e734881745d8df60f639b25062077cf16fe6e39ea1a38192e2327475783e00f029ed24137716904bf238b61d56edd21ea231281dfe917d3f0a1601

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe

Filesize
468KB

MD5
c36aea5db8dd948cefe49bfc798e25e2

SHA1
cdd98cb10d99653d4935fe113b7d3172ef7a7a23

SHA256
467ed285c64e92077add0739773a78e5a9fba1de147fd9caadcae2120842f4a7

SHA512
a183d0d6833c8403b05b1f0d2691657b6c302c70b920eb03711d251cb5b8774b1c671c0bda2f8b359a84a604054ec827fd4b5cbda29b17e6147492ed6ed05eea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe

Filesize
468KB

MD5
9615d805a8788def5583fdeb464c6f6e

SHA1
8e5328d84816d1424bc88ebbc27d69ea88e200f8

SHA256
6f54722dee12c8569d025bebdd4a96d14ca29baa094ab70ab47e4ce4979db336

SHA512
bb336eae07858a12e3d6d68bea10ea5dafb58f03d7fee176b613bb39ba85476b2cf5b871a8dfbb9a26380737290b864f6492eb69205054ae81061d0cc3a89003

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe

Filesize
468KB

MD5
0be51a68364510cc0006e768b47ac49f

SHA1
7c3b0d70f2647624f1b8ee291caca01f7397db5b

SHA256
702a764e437711822dd809b2addaee7bddf4b02c65fb30099bdee1109db25f62

SHA512
6a2595ad75bbcc9e66d3727c66663e553a7f3dc9a410afb2ac5b3639af16d387a47954afb13f5bc98670dfe7a4d936f5b149d0b82544cce93630e0497b0b6bc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe

Filesize
468KB

MD5
18d279912ba0aec7a6409253a4f5760c

SHA1
138b2b8f5340edd38ccd267176aaf59d6b08929a

SHA256
ee9e046854701b2f334c31fa8d930acf1c5100cbf8d56e57210935334b88069a

SHA512
89bb83b059c5e9e663f8c57b6830da5c0c9bf5fe876eec7ee09708f4adcbdfd7f4e7eb01e951ba631d241eaa692ce76eb019e0320158d5f5dfed6bcab86b94a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe

Filesize
468KB

MD5
6555ab645ddf25337a35c798c8f93651

SHA1
873dc126ee317d3fd0720320e62bbe766484bd1f

SHA256
36d3b60d4304dcff40ccf3768a769b700e8ff6a84b459138c291d6a423d9afc2

SHA512
bb4aa24247208d3c90585d6526e152ad3c50734447ad263e496258862a5b7fe533195c9c2dfcfba2d4d52e72fc57db218f2cba06b0446229571c123420327fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe

Filesize
468KB

MD5
1c90ae8dd73b0ceb5217d8a7f7bb72b2

SHA1
bafbb70ef63d65838fe3a8f97cea9fec1e7660e4

SHA256
a7c06187312f9f0a3b599edcd91aabba1b2b72de1e11bab481148d95cce1c7d1

SHA512
c972a7a9918764e667ceacb6d270b68a21b2691c69a4aa839e0b381083caaf1b59493a1a1a20bb75b867c769b688e463230127422a193f77797ec885ef48408f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe

Filesize
468KB

MD5
207efe0b7a159e2ab70fc3127db6b772

SHA1
568ffedd8f5bce63a9485dc72bff963815807e22

SHA256
8544f02a30f3d6e9d70c873de1160c2441375f55c0b853be4899d778d95fecc8

SHA512
806e8fe864e6ef684b95cad8817f76a606230d3c0bdb57d3d9eadb54db24bf6eff6f08f00aff75d32f8b7d3fc1bc92d7b466fec88c4815828c05ee5fd2552d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe

Filesize
468KB

MD5
a71d1937541635dc30f6705b9f9e60a6

SHA1
aaaffc5d6f665f3a306a6d542074eda2b0f09a05

SHA256
20fbf692e2318ba6c87728e1035b26b068002b05f6873d30f7a11a93697cc6dd

SHA512
abdf33f3fd474fc6c47f7333e5ce9b1596ed8be5b38c8220c3bdc59b2480d852141e41d50bd4186cb0f8d5a852d6908e82db3e5bf9dd372153f9d5e89d40b30f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37354.exe

Filesize
468KB

MD5
437a4ed8bec4f946bc8fce003d9cc55a

SHA1
318ff17b2af8572105f158c1e9e4304a60a05417

SHA256
2d3cc83cda08a279935e6d065ae4300f110938bfb8638974513ffd528f6c824e

SHA512
e88ab84c90789bbc8e55eef9772d0e47823cfb79374570c11cc09c6063b678151f92c2fe9431d200919919350a8b8c19d3d3fab69b9d2c3b9cffc767b05dc882

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe

Filesize
468KB

MD5
394cfaed1235aee12459e18207d3b504

SHA1
3717526dff508d2ab411c8eb45289e5913fe1f7f

SHA256
daeb24ed1a0f0eb8e796d570807b18d2b518141a391b4136e41b908663692390

SHA512
41c7836339f423a9a500d91a4e6230169f9e30808fce784e3173988c423618bdd138cb8537d52e30e7f0241380c8690481f50d1af9cc7d86ad8c4ccd3c570854

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe

Filesize
468KB

MD5
e92f9b4b034903bbf0256ccf3b51e157

SHA1
f02f6d8b2cc2a52dcce1dbe1766a71b174832117

SHA256
b1cdde2f6687bcc4c70b4cdfd6dbab086b4cb821988939f570dfd2a45c69a0dc

SHA512
cd1688bdd6b27921bc58a29ee4c95d7358df4d3eb9d6f094e7a1af2cbf3e9f547b4d1180ec3b1b482cca3ec107f049e452ca816797ba0d321b0e90e09d32197b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe

Filesize
468KB

MD5
648ac7a7614d41c551b6df5668f5b74e

SHA1
7eb2f706cf0553424dbc915c9bc69b4afcb85bc9

SHA256
6e4ed7bbec438d83942d23dff12a74d5aac2c194e4494176cdf46d7260006958

SHA512
afae090294520ed8fb0ce906449e5f4248a21110ec338e660d661be4ad1ee28686d422d9944e15f9c965e6ad7c18463b1082a9d637b8fd95d3331ca6dc23e0b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe

Filesize
468KB

MD5
788ba8832d6d250e8bc84dda08634b96

SHA1
70adcd8f660a3f140fb54fce9ff99eaade940c96

SHA256
1ecdaec310d4cec2e68df67c778995ce7c7a1d8fcd2fc4123dc7540f573b2266

SHA512
473306e9a2241948529f87b0a4fe1621933cb297c1f4f12c889a3d1b96859e9ccaf646a51b88360ac5ac720c36e3b515a34632f859f039253064512b41772401

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43882.exe

Filesize
468KB

MD5
548d470ebf10f10eb99c0e9bc6ac460e

SHA1
fa229e56782cd29d72f161ab6d82706d232fa9b8

SHA256
01877e47c1d4b03912e30d683a77f99a20f8cf86ddd482bc7343e102952df830

SHA512
a3cad831401081ae0a3f076a7b191c96f12628b9d1809b8f34596d0044e02b7a6f5d0947f9d2875552a38c42264e20f43a06ffa91cb6c70079a3291d3a28a6b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe

Filesize
468KB

MD5
8d125813d457900cebe3053593125c06

SHA1
8ca44cfe8cc2210cd4711deccb274b4bb5142264

SHA256
81b8bebfb0ac42d3314a55d53b5deef5855831b6ad97a56638c45287d5c96f30

SHA512
ff5520a313bb31a8f39589d02415c52491e88cb43b090aa19bbc0de5ebff36e60a756404045ebe9c3204d950b11d05fb311d206a5c0db975e5c503fb97edd630

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe

Filesize
468KB

MD5
be492a9b42f83389d0775799f434aa59

SHA1
4ba3fc82e284eabd81c62d9e0769a44f971f46bb

SHA256
35fb1d16a0a561b5ffae7b94a736b51f19ec2f5201edee53bf4b015a478ed5cb

SHA512
84a38d8a8d857ecbf8baf08a63c316907c01483c3a6947f3367c1f247e3232c2e1db4cdc185a60bf14e9249615b22a9d74a7648c4e1b4a05e1aef8e5bc47bb19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe

Filesize
468KB

MD5
3091dffd6ee9a07162fd8025e580d6c9

SHA1
8a333a39e561bf373db6dae07f75178206f8f2b3

SHA256
9090a242ddf4914b9d981203b13754d300348c97a7f7d30d099c4d6e35128df3

SHA512
9383c9b344d0996fb15a31d08e12853d6be9b11353633b6ceeb8cd916487418303fa4580d74f03dc271c5cf9ddcae7a3bdaf465b58af5615e1b54eade605ba2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe

Filesize
468KB

MD5
1e9efb780cdf394266beb131359d8193

SHA1
3e8acd95f40bbdc37bcb7bdc100aa7ddb2317432

SHA256
22200e3698a78f94a4fda27a8f4c4b42f11526edba0c28dc352f71cbee215051

SHA512
3c69a7452b4f22938768aee31c53df95e710df23ed20625a749bf928424351d74cc6c43b40f8394dee6f15657d4f2e038ae2efcc79909265542b1fbf6bb090c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe

Filesize
468KB

MD5
c8c8f9c5104c287489faf2300b4ce6c2

SHA1
a95816d2f9de4380478ea89654427e94721c8c57

SHA256
235dfbaaacde212d5b7b5fb474c0c3039f647766b404ee1a5507b227dce478e4

SHA512
4cd5a5ba44dedf3f2f207227e11f5d830ff601d28d79c1095d89b32c9a97463c97c1999351625b3a01f3a5e24311494c79ca019aca948e24ab73c9dbba591238

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe

Filesize
468KB

MD5
be901fef0ca6a139689779d2bf253e30

SHA1
05ccc7c8a5da742bdc3695c8789ab2fc549bf96a

SHA256
f1fc844fcb48d23eecb5a7cd3d696e14fb419926b42d25c1c16bda38f8306dc1

SHA512
f24e1c12f8d5f44b024e74e287084d385c3d217fa8fabbd944c92f52084d6e75b6125d3f2fccc78fd47d76b5006abd8199a2e8718bca43d85f758787019f6890

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe

Filesize
468KB

MD5
11d127f06cd64a607a42fa5c8437ec74

SHA1
ed6b4f0948171c9ea484e73b9b13efe0d7e262df

SHA256
6bff03a429ee7042ff753180c149c8b9a2f13ca9cce5990d0f58c24ecc673c12

SHA512
744ced03d895d41676ca5183fa99639bc51b1ebb133d3ba0d9486713a10ac891d8f17084bd7c06b399f2d49178cdfda5656c82eec0c987ff3fe8f4b651fc12c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe

Filesize
468KB

MD5
f7446f5addde5319f240904a14cdade7

SHA1
5d129383fa415d9718cd1bf364c6b4bdc22b7eb6

SHA256
27b810a970f84370f4c065624f916f11faf1dc4a07ba345bf11497ae4fa07744

SHA512
a6f6b7c06445906ca6cc82ebfff884c85edea480d5f286b718a1de68330be213d04b3633429518c5ab38153ee50917488cbeeda2eabcd48c6c1bcd4d005d9f55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe

Filesize
468KB

MD5
7952641c90660e9112de8ada0d016945

SHA1
87f7dddc31115c98e653a18e3271a6ab08bab419

SHA256
3ebdec82eb5529b614dd56c7f6d58cac4eaa059d8a70ac07acfcea06882edcfe

SHA512
8baf01f827047fd8a3413fb9814a2ac4fce58ca655bed9c657d0e290c9b06363ed1b33100c3249e41344a6e5b89eb6d83ba5d062f5fc3858f993547c408b1b40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe

Filesize
468KB

MD5
b4a9361ebdb7c5d73a51ad5c98d156ee

SHA1
7a8fc3b1d6bd4870f6ba7eb85037fe2c535be6d4

SHA256
15cc02fc06b7a44aec5fd89e42a053d8465a223e675ed72569ea6954ee7901f2

SHA512
4aa92259c7f71fc5268bbaffb1ba4902761b4a7735c5510aae2b8082eb8398bd85ed1e649fa6308777f635cdf9e171e1888ba14f78de71b9763414fe50e3403a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe

Filesize
468KB

MD5
09ebe98c2d60e91d53e204c57fe232b1

SHA1
748e3acd0dcc05537241ae6555695e822bbf9465

SHA256
15e9728ff92ed9f777c805772eeb2a58240948668185ef6a9baba199a1b83366

SHA512
a6e15aa8c2f4c2c5527923fc85cf27d0afec5120913a9bbb65e6036cc8d158b153bb331f292a2ed33ff0d7f45b3d9010aca6a174c39315c5c28d422f6e607b56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe

Filesize
468KB

MD5
54019ab0ddbef13818faf9708cc6f385

SHA1
992c38c654a28e372e2515239e9f9788bc400e3c

SHA256
b52e7f0721dd11899b7224c5a8729298e271cfb3242570b61ef4b1f868eeadc5

SHA512
db3076ca7427a4d83c8b55524bb27b043239675c8f82768f1570dce51f216ec66475ad141d319b39f5d00023ed11d6a10d2157d78401b9be21a6cbd5650b529c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe

Filesize
468KB

MD5
582f0b43c605f6d4b836145d139b4bac

SHA1
080cdf8de7bcdd802b02b02f8715ea29063e2da9

SHA256
f2a517564029c777155fcdf6ba6ae224852947300ce9ec03600683dc50aa8970

SHA512
b9a0f57d2ba6f819fb62d8debfab51266ad37d296aecfd4cfcfe88722f3a2a030abc40e43acd5c9f6f8249c93ccc7ad31fcc505046f0129ea18299d303158385

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads