dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe
Size

184KB
MD5

1c300cb23b7542e3c88b35704c7ce52f
SHA1

adf4c65bde7ea19c0ce190438d3a832b3e2c28c6
SHA256

dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f
SHA512

8591bde421bd7612e4856fa63263346feff1d5ee851502ab549db9a7550f2ec1b53b1d85c8c5a33e4465bae6f7550044c02eb49550e9e49f28b6718d0e163e86
SSDEEP

3072:uhgB8Fo2JjH1S+p9rjPqGCtwXvnqnvGuq:uh7oyQ+plqVtwXPqnvGu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
208	Unicorn-37617.exe
3360	Unicorn-49584.exe
388	Unicorn-18343.exe
1224	Unicorn-34369.exe
5060	Unicorn-34369.exe
5052	Unicorn-60911.exe
3112	Unicorn-47176.exe
3152	Unicorn-53409.exe
4300	Unicorn-52952.exe
4508	Unicorn-39761.exe
2920	Unicorn-6896.exe
1732	Unicorn-34608.exe
640	Unicorn-17102.exe
4536	Unicorn-14742.exe
1848	Unicorn-3367.exe
5032	Unicorn-59390.exe
1236	Unicorn-26334.exe
4284	Unicorn-22612.exe
3652	Unicorn-17211.exe
1604	Unicorn-15129.exe
1552	Unicorn-42094.exe
1424	Unicorn-11844.exe
2468	Unicorn-58430.exe
2000	Unicorn-61310.exe
4112	Unicorn-28446.exe
4280	Unicorn-17817.exe
1336	Unicorn-61118.exe
1200	Unicorn-44590.exe
3440	Unicorn-22123.exe
4928	Unicorn-5595.exe
4368	Unicorn-24532.exe
4820	Unicorn-10589.exe
3372	Unicorn-23204.exe
3568	Unicorn-30574.exe
4200	Unicorn-43188.exe
2040	Unicorn-48638.exe
760	Unicorn-25595.exe
2500	Unicorn-31342.exe
1896	Unicorn-29140.exe
1392	Unicorn-5213.exe
1792	Unicorn-13993.exe
1432	Unicorn-37694.exe
944	Unicorn-4829.exe
4724	Unicorn-4372.exe
1696	Unicorn-14651.exe
1772	Unicorn-20398.exe
1332	Unicorn-36926.exe
4572	Unicorn-3412.exe
3948	Unicorn-7248.exe
1564	Unicorn-39614.exe
1876	Unicorn-16179.exe
4560	Unicorn-52229.exe
3740	Unicorn-15795.exe
2300	Unicorn-39230.exe
2996	Unicorn-22702.exe
4388	Unicorn-23086.exe
4124	Unicorn-22510.exe
1976	Unicorn-16379.exe
4312	Unicorn-16379.exe
3636	Unicorn-3028.exe
4100	Unicorn-18980.exe
540	Unicorn-52229.exe
844	Unicorn-2644.exe
3280	Unicorn-19251.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
8056	6420	WerFault.exe	282
8048	6172	WerFault.exe	299
8040	5712	WerFault.exe	300
8960	7184	WerFault.exe	364
10476	9296	WerFault.exe	468

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33685.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18264	dwm.exe
Token: SeChangeNotifyPrivilege	18264	dwm.exe
Token: 33	18264	dwm.exe
Token: SeIncBasePriorityPrivilege	18264	dwm.exe
Token: SeCreateGlobalPrivilege	16284	Process not Found
Token: SeChangeNotifyPrivilege	16284	Process not Found
Token: 33	16284	Process not Found
Token: SeIncBasePriorityPrivilege	16284	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe
208	Unicorn-37617.exe
3360	Unicorn-49584.exe
388	Unicorn-18343.exe
5052	Unicorn-60911.exe
5060	Unicorn-34369.exe
1224	Unicorn-34369.exe
3112	Unicorn-47176.exe
3152	Unicorn-53409.exe
4300	Unicorn-52952.exe
4508	Unicorn-39761.exe
640	Unicorn-17102.exe
1732	Unicorn-34608.exe
1848	Unicorn-3367.exe
2920	Unicorn-6896.exe
4536	Unicorn-14742.exe
5032	Unicorn-59390.exe
1236	Unicorn-26334.exe
3652	Unicorn-17211.exe
4284	Unicorn-22612.exe
1604	Unicorn-15129.exe
1552	Unicorn-42094.exe
1424	Unicorn-11844.exe
3440	Unicorn-22123.exe
4928	Unicorn-5595.exe
2468	Unicorn-58430.exe
2000	Unicorn-61310.exe
1200	Unicorn-44590.exe
4112	Unicorn-28446.exe
4368	Unicorn-24532.exe
4280	Unicorn-17817.exe
1336	Unicorn-61118.exe
4820	Unicorn-10589.exe
3372	Unicorn-23204.exe
3568	Unicorn-30574.exe
4200	Unicorn-43188.exe
2040	Unicorn-48638.exe
760	Unicorn-25595.exe
2500	Unicorn-31342.exe
1896	Unicorn-29140.exe
1392	Unicorn-5213.exe
1792	Unicorn-13993.exe
944	Unicorn-4829.exe
1432	Unicorn-37694.exe
4724	Unicorn-4372.exe
1696	Unicorn-14651.exe
1772	Unicorn-20398.exe
4572	Unicorn-3412.exe
3948	Unicorn-7248.exe
1332	Unicorn-36926.exe
1876	Unicorn-16179.exe
1564	Unicorn-39614.exe
4560	Unicorn-52229.exe
540	Unicorn-52229.exe
3740	Unicorn-15795.exe
4312	Unicorn-16379.exe
4124	Unicorn-22510.exe
2300	Unicorn-39230.exe
4100	Unicorn-18980.exe
1976	Unicorn-16379.exe
3636	Unicorn-3028.exe
2996	Unicorn-22702.exe
4388	Unicorn-23086.exe
844	Unicorn-2644.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 208	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	82
PID 2780 wrote to memory of 208	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	82
PID 2780 wrote to memory of 208	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	82
PID 208 wrote to memory of 3360	208	Unicorn-37617.exe	87
PID 208 wrote to memory of 3360	208	Unicorn-37617.exe	87
PID 208 wrote to memory of 3360	208	Unicorn-37617.exe	87
PID 2780 wrote to memory of 388	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	88
PID 2780 wrote to memory of 388	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	88
PID 2780 wrote to memory of 388	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	88
PID 388 wrote to memory of 5060	388	Unicorn-18343.exe	91
PID 388 wrote to memory of 5060	388	Unicorn-18343.exe	91
PID 3360 wrote to memory of 1224	3360	Unicorn-49584.exe	90
PID 388 wrote to memory of 5060	388	Unicorn-18343.exe	91
PID 3360 wrote to memory of 1224	3360	Unicorn-49584.exe	90
PID 3360 wrote to memory of 1224	3360	Unicorn-49584.exe	90
PID 2780 wrote to memory of 5052	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	92
PID 2780 wrote to memory of 5052	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	92
PID 2780 wrote to memory of 5052	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	92
PID 208 wrote to memory of 3112	208	Unicorn-37617.exe	93
PID 208 wrote to memory of 3112	208	Unicorn-37617.exe	93
PID 208 wrote to memory of 3112	208	Unicorn-37617.exe	93
PID 5052 wrote to memory of 3152	5052	Unicorn-60911.exe	96
PID 5052 wrote to memory of 3152	5052	Unicorn-60911.exe	96
PID 5052 wrote to memory of 3152	5052	Unicorn-60911.exe	96
PID 2780 wrote to memory of 4300	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	97
PID 2780 wrote to memory of 4300	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	97
PID 2780 wrote to memory of 4300	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	97
PID 5060 wrote to memory of 4508	5060	Unicorn-34369.exe	98
PID 5060 wrote to memory of 4508	5060	Unicorn-34369.exe	98
PID 5060 wrote to memory of 4508	5060	Unicorn-34369.exe	98
PID 3112 wrote to memory of 2920	3112	Unicorn-47176.exe	99
PID 3112 wrote to memory of 2920	3112	Unicorn-47176.exe	99
PID 3112 wrote to memory of 2920	3112	Unicorn-47176.exe	99
PID 1224 wrote to memory of 1732	1224	Unicorn-34369.exe	100
PID 1224 wrote to memory of 1732	1224	Unicorn-34369.exe	100
PID 1224 wrote to memory of 1732	1224	Unicorn-34369.exe	100
PID 208 wrote to memory of 640	208	Unicorn-37617.exe	102
PID 208 wrote to memory of 640	208	Unicorn-37617.exe	102
PID 208 wrote to memory of 640	208	Unicorn-37617.exe	102
PID 388 wrote to memory of 4536	388	Unicorn-18343.exe	101
PID 388 wrote to memory of 4536	388	Unicorn-18343.exe	101
PID 388 wrote to memory of 4536	388	Unicorn-18343.exe	101
PID 3360 wrote to memory of 1848	3360	Unicorn-49584.exe	103
PID 3360 wrote to memory of 1848	3360	Unicorn-49584.exe	103
PID 3360 wrote to memory of 1848	3360	Unicorn-49584.exe	103
PID 3152 wrote to memory of 5032	3152	Unicorn-53409.exe	104
PID 3152 wrote to memory of 5032	3152	Unicorn-53409.exe	104
PID 3152 wrote to memory of 5032	3152	Unicorn-53409.exe	104
PID 4300 wrote to memory of 1236	4300	Unicorn-52952.exe	105
PID 4300 wrote to memory of 1236	4300	Unicorn-52952.exe	105
PID 4300 wrote to memory of 1236	4300	Unicorn-52952.exe	105
PID 5052 wrote to memory of 4284	5052	Unicorn-60911.exe	106
PID 5052 wrote to memory of 4284	5052	Unicorn-60911.exe	106
PID 5052 wrote to memory of 4284	5052	Unicorn-60911.exe	106
PID 2780 wrote to memory of 3652	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	107
PID 2780 wrote to memory of 3652	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	107
PID 2780 wrote to memory of 3652	2780	dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe	107
PID 4508 wrote to memory of 1552	4508	Unicorn-39761.exe	108
PID 4508 wrote to memory of 1552	4508	Unicorn-39761.exe	108
PID 4508 wrote to memory of 1552	4508	Unicorn-39761.exe	108
PID 5060 wrote to memory of 1604	5060	Unicorn-34369.exe	109
PID 5060 wrote to memory of 1604	5060	Unicorn-34369.exe	109
PID 5060 wrote to memory of 1604	5060	Unicorn-34369.exe	109
PID 208 wrote to memory of 1424	208	Unicorn-37617.exe	111

C:\Users\Admin\AppData\Local\Temp\dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe
"C:\Users\Admin\AppData\Local\Temp\dd9999e534ec4c605b17d044330075303be0a7c4ecae4d87d1a29f2c0423d38f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
        8⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        9⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        9⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        9⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        9⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
        9⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        8⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        9⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        9⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        8⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 464
        9⤵
        Program crash
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        8⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        8⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31300.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        8⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        8⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        7⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        7⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51550.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36670.exe
        8⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40670.exe
        9⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        8⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        8⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        7⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        8⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        8⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
        8⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        7⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19393.exe
        7⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        7⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        7⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
        6⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
        6⤵
        
        PID:17012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
        6⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        8⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        8⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38027.exe
        7⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
        7⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        7⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        7⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59065.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53986.exe
        7⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        6⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        6⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
        6⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15285.exe
        8⤵
        
        PID:17028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23352.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        7⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        6⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        6⤵
        
        PID:13628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        6⤵
        
        PID:17040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        6⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        6⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24299.exe
        6⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        5⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        5⤵
        
        PID:16704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30916.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1837.exe
        8⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        8⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        8⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        7⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        7⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        7⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        7⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        7⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        6⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 176
        7⤵
        Program crash
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7108.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
        6⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62060.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5501.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15560.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        7⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
        6⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        6⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
        6⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        6⤵
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        6⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25787.exe
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
        5⤵
        
        PID:17700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5595.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        6⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62894.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        8⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        8⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 212
        8⤵
        Program crash
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        7⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        7⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        7⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        7⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        7⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        6⤵
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51098.exe
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
        7⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        7⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
        6⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
        6⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        6⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        5⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        5⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        5⤵
        
        PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
      4⤵
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        6⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        6⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        5⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
        5⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        5⤵
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        5⤵
        
        PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
      4⤵
      PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
      4⤵
      PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
      4⤵
      PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
      4⤵
      PID:8688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        9⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        9⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
        8⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        8⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        8⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        8⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        7⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        7⤵
        
        PID:17968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        7⤵
        
        PID:18196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        7⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        7⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        6⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        7⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        7⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
        7⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        6⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        6⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        5⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe
        5⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        5⤵
        
        PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        7⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
        7⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        6⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        6⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
        6⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23627.exe
        5⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20980.exe
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        5⤵
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        5⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        5⤵
        
        PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        6⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        5⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22122.exe
        5⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        5⤵
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        5⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        5⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        5⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23603.exe
        5⤵
        
        PID:12616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60565.exe
        5⤵
        
        PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
      4⤵
      PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
      4⤵
      PID:16996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13805.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28057.exe
        8⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        8⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        7⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        7⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        7⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        6⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        6⤵
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        6⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        5⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
        6⤵
        
        PID:15828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        5⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
        5⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        6⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        6⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
        6⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        5⤵
        
        PID:220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18500.exe
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
        5⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        5⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        5⤵
        
        PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
      4⤵
      PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6585.exe
      4⤵
      PID:12260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
      4⤵
      PID:15928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
      4⤵
      PID:6484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        5⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        7⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
        6⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        6⤵
        
        PID:17712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        5⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
        5⤵
        
        PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        5⤵
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57813.exe
      4⤵
      PID:8
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        6⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        6⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        5⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        5⤵
        
        PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
        5⤵
        
        PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
      4⤵
      PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
      4⤵
      PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
      4⤵
      PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
      4⤵
      PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
      4⤵
      PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18820.exe
        6⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        5⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40940.exe
        5⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16036.exe
      4⤵
      PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
      4⤵
      PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29755.exe
      4⤵
      PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
      4⤵
      PID:17128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
    3⤵
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
      4⤵
      PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
      4⤵
      PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40940.exe
      4⤵
      PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
      4⤵
      PID:7080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
    3⤵
    PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
      4⤵
      PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3811.exe
    3⤵
    PID:7180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
    3⤵
    PID:11992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
    3⤵
    PID:16016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        8⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40940.exe
        8⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        8⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        8⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
        7⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5387.exe
        7⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        7⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        8⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        8⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        8⤵
        
        PID:17532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        7⤵
        
        PID:17944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58604.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        6⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21492.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        6⤵
        
        PID:17652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        6⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        7⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        8⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        8⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        8⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
        7⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        7⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        7⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        7⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        6⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        6⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4708.exe
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        5⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        5⤵
        
        PID:8912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15129.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        6⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        8⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        8⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        8⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        7⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        7⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        6⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 212
        7⤵
        Program crash
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39788.exe
        6⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        7⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        7⤵
        
        PID:17512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        7⤵
        
        PID:18216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        6⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        6⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        6⤵
        
        PID:17640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
        6⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        5⤵
        
        PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        6⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        6⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        6⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29435.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
        5⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        5⤵
        
        PID:17704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
        5⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40940.exe
        5⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
        5⤵
        
        PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19467.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        5⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        5⤵
        
        PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        5⤵
        
        PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
      4⤵
      PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
      4⤵
      PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35699.exe
      4⤵
      PID:15888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50814.exe
        8⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        7⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        7⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        7⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1636.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        6⤵
        
        PID:17248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        5⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15524.exe
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41470.exe
        5⤵
        
        PID:16548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        6⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        6⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
        5⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        5⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        5⤵
        
        PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
      4⤵
      PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
      4⤵
      PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44718.exe
      4⤵
      PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        7⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        7⤵
        
        PID:17548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        6⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        6⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        6⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        6⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59413.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        5⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        5⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        5⤵
        
        PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        6⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        5⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        5⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29761.exe
        5⤵
        
        PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56108.exe
      4⤵
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
        5⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        
        PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
      4⤵
      PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
      4⤵
      PID:6828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
      4⤵
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        5⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        6⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50105.exe
        6⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        5⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        5⤵
        
        PID:15404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        5⤵
        
        PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
      4⤵
      PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
      4⤵
      PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
      4⤵
      PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
    3⤵
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33742.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
      4⤵
      PID:12908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27753.exe
    3⤵
    PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
      4⤵
      PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
      4⤵
      PID:17684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
    3⤵
    PID:9848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
    3⤵
    PID:13332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
    3⤵
    PID:16528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
    3⤵
    PID:6396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19251.exe
        6⤵
        Executes dropped EXE
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        8⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        8⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45445.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        7⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        7⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        7⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        7⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        7⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        6⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 212
        7⤵
        Program crash
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        6⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
        7⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8756.exe
        6⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28587.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
        6⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        6⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13748.exe
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
        5⤵
        
        PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24446.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        7⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        7⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15469.exe
        7⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        6⤵
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        6⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        5⤵
        
        PID:508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19643.exe
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43390.exe
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        6⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        5⤵
        
        PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        5⤵
        
        PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
      4⤵
      PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
      4⤵
      PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        5⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
        6⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        7⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59516.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        6⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        6⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        6⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
        5⤵
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23627.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
        5⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        5⤵
        
        PID:12548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
      4⤵
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
        6⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        5⤵
        
        PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        5⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
        5⤵
        
        PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
      4⤵
      PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
      4⤵
      PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
      4⤵
      PID:15624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
      4⤵
      PID:5200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        5⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58452.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        5⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        5⤵
        
        PID:17904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11.exe
      4⤵
      PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
      4⤵
      PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
      4⤵
      PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22564.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        5⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62348.exe
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
        5⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe
        5⤵
        
        PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
      4⤵
      PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
      4⤵
      PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14107.exe
      4⤵
      PID:10996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
      4⤵
      PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
      4⤵
      PID:12532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
    3⤵
    PID:8228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
    3⤵
    PID:12744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
    3⤵
    PID:3044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
        5⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        7⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        7⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
        7⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        6⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        6⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        6⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        5⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39996.exe
        5⤵
        
        PID:17692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
      4⤵
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
        6⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        6⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        6⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        5⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
        5⤵
        
        PID:16328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13500.exe
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60446.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        5⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
        5⤵
        
        PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
      4⤵
      PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
      4⤵
      PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
      4⤵
      PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
      4⤵
      PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
      4⤵
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22564.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe
        6⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        6⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
        6⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
        5⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
        5⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        5⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        5⤵
        
        PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        5⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
      4⤵
      PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
      4⤵
      PID:15216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43868.exe
    3⤵
    PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18529.exe
        5⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
        5⤵
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
      4⤵
      PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
      4⤵
      PID:17520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
    3⤵
    PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
      4⤵
      PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
      4⤵
      PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
      4⤵
      PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
      4⤵
      PID:6304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
    3⤵
    PID:7848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43844.exe
    3⤵
    PID:11592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
    3⤵
    PID:14832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
    3⤵
    PID:18048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
    3⤵
    PID:7800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17518.exe
      4⤵
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36580.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        6⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        6⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25386.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        5⤵
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29572.exe
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        5⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
      4⤵
      PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
      4⤵
      PID:14340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55778.exe
      4⤵
      PID:18344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
      4⤵
      PID:1168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
    3⤵
    PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        5⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
        5⤵
        
        PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34132.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
      4⤵
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
      4⤵
      PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      4⤵
      PID:5092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
    3⤵
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
      4⤵
      PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
      4⤵
      PID:4048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
    3⤵
    PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
    3⤵
    PID:12172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
    3⤵
    PID:15276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7306.exe
    3⤵
    PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
    3⤵
    PID:18176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29140.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29140.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
    3⤵
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60446.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25744.exe
        5⤵
        
        PID:18160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
      4⤵
      PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
      4⤵
      PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
      4⤵
      PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
      4⤵
      PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
    3⤵
    PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
      4⤵
      PID:13288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
      4⤵
      PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
      4⤵
      PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
    3⤵
    PID:7208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
    3⤵
    PID:12200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
    3⤵
    PID:15396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
    3⤵
    PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
    3⤵
    PID:18184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
  2⤵
  PID:812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
    3⤵
    PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
      4⤵
      PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
      4⤵
      PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
      4⤵
      PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
      4⤵
      PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29332.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
    3⤵
    PID:11748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
    3⤵
    PID:15936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
    3⤵
    PID:6276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
  2⤵
  PID:5992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
    3⤵
    PID:9856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
    3⤵
    PID:14000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17240.exe
    3⤵
    PID:4052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3164.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3164.exe
  2⤵
  PID:8212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
  2⤵
  PID:12132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
  2⤵
  PID:15280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
  2⤵
  PID:3068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5712 -ip 5712
1⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6172 -ip 6172
1⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6420 -ip 6420
1⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7184 -ip 7184
1⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 9296 -ip 9296
1⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6696 -ip 6696
1⤵
PID:5452

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe

Filesize
184KB

MD5
a3fbeb117bdd69d29bfdd2a836af37b5

SHA1
80c902a69414ac8d86f81e0e52f31d1cc9e22b0a

SHA256
f1f0e219521c053cda7548513cd2884f5e4934808c6b0cfffac95fc9fbb37cf3

SHA512
d0dbf42ee6e7c4af5ff0c5e1e01cac8bd7d862f7de82c80650ee917e525dea2b53c5b2f9c1e98b91890541277df1ba0ac44ccd4654887c1893286fcea2c1d483

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe

Filesize
184KB

MD5
db30dbd15265997a274029fc1c0a67ca

SHA1
c2d2c442d644a7a8ed647ad640aecbb1e7651736

SHA256
7b05a92910a9ddb92f46c71468fd8a4bb4bc37c3d941b053e49686bc6a873877

SHA512
113d7f420fae05f22e9f72c209df123afe3bfc29e63ac13d326343f3855c888ade6a2bc593c3b4bf76c27eca0671a132f1be65c9b06c9841881c542e2f4c45b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe

Filesize
184KB

MD5
d422e11b5fc5727bc6bf6c04b3b9b8c6

SHA1
bb88b83537bdf277854af82e157caf0e31ca12d7

SHA256
473b1b63e4cbfe8b59f88510db9171f5a298388e308c1e086ba80cc926785b3a

SHA512
3f4912961235fe377bdf84d539413e98e6fcccd7e6beaa34e813f41a9e6f0b1f8004985be58aaf3ead98dde73bb047bba3418fa4f19b8cf75832b39662b7cd61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15129.exe

Filesize
184KB

MD5
801629234fc118c66dd6356b7ea2ef00

SHA1
1dbb7ac2e6b79e854223bec66fadbe8edd0a86a6

SHA256
58532be9105802df8ec3066fa1d5b3a56acc6146fbe744c3bac0d188a1cddf0a

SHA512
c62c731d168127a9df4f53455c71dfd7d6caa23f3cfe4dbbed3ee349acbe5025a2e9f05a541a8595f65909a6edf4e184d98f6ced6842f5681f997edb3917afd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe

Filesize
184KB

MD5
002fa51f52f83b8af26d8c8dc492ba36

SHA1
00daa95149e9daf8da4f3adcfd9dab5d16cc617c

SHA256
b1ca76475c6fb6a412a49569507dc8b8069057902d72630c4a14aaf1192f4d99

SHA512
8167ea2e79d38068d1a416e4491ced97c11cbb6d0aaa82fd5fb2a3694cee9cf94a8d7a13824722b33d974bcaee181ce49bce5e2c5bfaf6271c96115409350cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe

Filesize
184KB

MD5
c4535b18450b25ff8f0bff7273e50185

SHA1
4a0048b28ac3af9567a852a204ab8d6b3e7afb2e

SHA256
8cba523d9111b13296af507cb54e1a817af4967de60e6d0cad55178235968110

SHA512
fe4fbc3389a6d75fbd548746cd4ecc218c6bbaabbd39b9daf342e1943e0826f38b90c005a788e931589ea8cef6ca5070a06230dcccda2069931fe2d967c1bfde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe

Filesize
184KB

MD5
ad73a6e6d302e11fcc203a83f2d23c72

SHA1
062c2f7e53005737a9a7d1d3463c0f1bb237c0c4

SHA256
597cf82cf11b9d74b5b353e81996d013d2a14a14ba4942b6e8b1e62bba9601d4

SHA512
d88afd85f28954f84ec8eaf8a201ab9486df8e4279667d6d81559d11afc0b8f21b4f571a056f8d069b218ba89e27f27af6a30dbbea1699d6926baf9e98ca700e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe

Filesize
184KB

MD5
525d9e3e1c00ac2b805ca38a883f1641

SHA1
4d708ec59a61f4685f7fa4bc0b2488f5a8cc6141

SHA256
a459dea30c6540995d7e6a88b8a9dbe846ddc498c62e57b605b89281635334e0

SHA512
8673474da796f600d551209ccdfb92adcad0d5a6fe5c387382ef7017cfdca87bc65d9844c14b95d4f95876ec9b1f32bd98f8ad8e53ba069a032fd3be8b45962f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe

Filesize
184KB

MD5
d645b98d111a45e0d9296a524faf2854

SHA1
f7cd2d9763c2a87b89770a4fc42ef8897d72e3f0

SHA256
bee8ef81fef8aeef947fdccf0a5e0ee85c49a94bea1677e632db87fde5a71a3d

SHA512
a1a1546a09c9d197c6720365a0a7ec9e7ec081f968c3ee22f0f04491830ac5173a7c4bdf9a2c17e5c7d1165b65a0a048823c78aeb173a84385db4e0d11e45b6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe

Filesize
184KB

MD5
2b2e8ff6739fdaaed68c93323d90ebc2

SHA1
cda0fe462b58b05761bd1097113b735a7835c0f6

SHA256
315cfe7deb074ef11bd7c8f1bb7642b09ac7e0bd45f53ae3968efa3c64ce8b2d

SHA512
3430e393deb0e0d17c57373b1b51ad5aa82e7eb4b4de5996d89e24075e0ff15f6d1b8d7601a2c67b28630e6f2b805fc1b76b606a1269214c7bffab948d0b1596

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe

Filesize
184KB

MD5
cff170102dcae187649b12d8d663e773

SHA1
b224b635b2c3d1e7610c6557f6a2396d388b1ede

SHA256
17471d76197dab7ae7eaa4a014152b5fc4624f1b31054a0e9339347a21926fb2

SHA512
b1e9bda6ffe5dc6eb2d0dc27100640008a91d85cee41767f4a79fd0150e44ee9f486fbe1833dbaddc28fbe530448fe56e9bcaca268332b841a422b5139e85b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe

Filesize
184KB

MD5
18a1133414616ddfec473ada7bf15eaf

SHA1
7c5b9d35429e95ba01a5a9d02465674abb09d986

SHA256
aaef2f51feea3c8340197f0e4b03b14e39472055639fbb06dd0f08611715b06d

SHA512
d90e7d332f3b4afb46c495f881695f24e2ad5c226c04050f20535bf2287aa377e4efbf3a92bd9fbc6c867c370082335a90d055f26217d5fe47d2643917a71800

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe

Filesize
184KB

MD5
ffe68d2dcaf9866a65b9aadbb198910d

SHA1
49a644dbf7b5943a46c060a49101f64cfc8dc8c7

SHA256
4a420b52c068577f592de133b0ceadae4621651e514040d26fc4571aee76b5d4

SHA512
a7e161daa3424aeecb5226e0c96d6a57670a1262781e2a2dd40feb36868e1ad4a343beb278f9e342f34a818b5caedd6387f39102c4538cafa47e927e6ee4e146

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe

Filesize
184KB

MD5
d35f781c21305c7d458f00fc0b8dc419

SHA1
3fc4b61f2c913acdad608c425c24bfd661520cc7

SHA256
28331dc88322f6ecf192121251cc31c211161d6535eca44b7f79e5ff73c7c3cc

SHA512
917c406b8f9d911de56996fba68ed563453fc43b300c58136b05567d9ef5a7e70ad959eac02fe7ef44efe7fe27a3c88ed025a11494c192362df400241c59ca08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe

Filesize
184KB

MD5
ccf002032740681c7eeb5ba2264ec9bb

SHA1
2c67273f167914a54c2c282383ca0d75ababf6fc

SHA256
c8a76881e8ea985e9312c452395a3bca5dc05451d23ec18d3863c55396ad4e9f

SHA512
fa0ea86a75b01fdd1c2b77ef6ff80b598304522f0019c37cc3f0c28dea8a7fcb54887fafd69884583d716abf8ff48921a7ae0d00e6a1ce4ca8da67151ad77c22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe

Filesize
184KB

MD5
ce1b1897c05cb829518321c08f415785

SHA1
06a60c1cd9caab53a59c9f494342c3d36dae2f03

SHA256
f64da70e3757042375ba959c25b68df6c5e0f0d6f481f7ee4a0a1f386f1bda6b

SHA512
d14abdcf3420201a140938d069964a5be128adb5ac85d0d727b33c33360e70ff1568683eb45604af409a99b2a61a5abb84b32495a183716337523f658e8707fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe

Filesize
184KB

MD5
1aef72413db2047dd335dee9a0b9f77a

SHA1
4fad7df4616355277783b110e9162d1d55fbbe24

SHA256
fb3fd90ae448594eb459c8bd3c8e84ccbd3f578a83b0da2931e5964fb50ff4ce

SHA512
f9501c2e84f5554b4a0847bfe8b84b6b1291f75ca95934f0329977344abb813a4e3201e0adf2f75ac6dd2be72d7c392da5fbaf3b07a7d44b588eb23563bd4635

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe

Filesize
184KB

MD5
b57ebd1c36dba5397bc22dbaa073984c

SHA1
d40f0d3087197022ecf41580ab20a6dbda4c3c09

SHA256
124c9ec292bd57e02b81ddef37835974285c2490d1a456231fbd29257d08915c

SHA512
32f972dfaaf9cafa9491d15f2c7b2634a1cb96a8f6e087c7d71ca46422dde8cdb3413e28795f5f60c3a0a71bd3b9568764780eed59fd326438f0aef760d963e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe

Filesize
184KB

MD5
8fa295966f1962dc83f1a05908921b53

SHA1
d8cc734160c6e981bfafec0c8a17be21393805e3

SHA256
a68e8e39a7bae45c65a48583a54f972c677e2ebae98e378b77a5db26f406cf93

SHA512
dc7cfa8d4222f330a629284578a062dd50824a202d2bc2377dce45d60a46eb8fb211423cba93be763e2f08cd1f5772b39d337d9e170fe83f8fd9b7c48367a385

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe

Filesize
184KB

MD5
4a8e4062f04cb8e5c6ee482d24928c63

SHA1
74fd610403411f4593e127ef218205d13aab6456

SHA256
c49d2c5ab5ed96481c0b89659d1cc4e2dfc3705a8059d0325f77ea31557241ed

SHA512
b75caa42f04e38d85f09344382e635c7eb058ad15bf819843a53ece40dcde344f36359c8694f47353c70a465a6fbd395934e1a54355f84be135572a8f7d1f533

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe

Filesize
184KB

MD5
5e2c1b8421e45970395bc5c8a2946d7d

SHA1
9f9945c5694360b06a9d7ea713a8e84bb49672d7

SHA256
f93e445a30dcc0f1a75b461f1ee4d60d133db85c35536c551981eae3b8a32d69

SHA512
ae86238862a3326283329abc71dedb613540b350e3da3691629e2127a377103c1f4c71cf8c5e19084b2e2ad754c35d005348ec67d5237d87b1444b4ebd719e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe

Filesize
184KB

MD5
1975876d7316a9c9995b4bde848a3e82

SHA1
229f7d072881eee28864c7ee61740053a60bd976

SHA256
c3b6ad166ebf9033cb591b5b52d3bac71f042bd571ce8090a2ac8fe4a4b154c8

SHA512
87cd3ffd50b1cf491c41affe4f171ff8f360709cf58c19e23253ae26949c24198393aff4e9a7dca39a5559bacb28d00207bac5a218a632223ea5d9add31d7947

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe

Filesize
184KB

MD5
0bf2ceb0bfbca0c01e5b01c63b58380b

SHA1
d48c5434f9911448c1cb929e254b9fca72858b7a

SHA256
ac7ba33ed403b34a18a9c351b0cf9cc999ed93d24f49f6cbd3a4f35baee2dc53

SHA512
81d9ae0560f0ee9b282f6544082c3a6515cea983ace55165984cd080c9cc838b26cf262f3259af1523faa1d6eef5cedd67a1afba7f4d20a37a227e3e163b1551

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe

Filesize
184KB

MD5
50d9402c407d922ac608c8d699d01c12

SHA1
c71bbea909f1e9aa853282ba40829fd20bf9d362

SHA256
c6b2626fa0eeefc79b7aa3e035b47a2c6cb3852efa0f67f3a52473beffa8e2cb

SHA512
34975a4cf591e881e741dd1f59dba3ec52c51c44799fbb6c80f75d3a454160fe1750427c89f0dc7eae026f5f98414375666b82aa8bda32c9c40844cb5f729bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe

Filesize
184KB

MD5
f0165a2ba920b5b9a3285fa4ae080f9b

SHA1
422133781dae88a0151142eab9d1c164536c561f

SHA256
bd4c71dfa415030c13c696bfb427b417321a4ec7b2d7f5995784bf641813a6a8

SHA512
c65ff6bf9112a7b3b1d390afaee70126bf3c8243d8a800feac4c72662f27e1bf263a6c75ffce97755b79697c87419b07e0f05891195237075e4de7abfc6fc627

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe

Filesize
184KB

MD5
0b01b0927773ab075c950207e7699dfc

SHA1
5e4440c760a3bd68cb1a1e64e07c8fb7e08f851f

SHA256
15aace63f6abfc9dd4eab0cb9193289a2e807689589d366961898f268e356e7a

SHA512
791a6949cf7ff2ae9cadb94f91a464b4afa604d28e2a8a17d085c57d4e5b70fa764f943e5deef6eaf2a9c4762ea688bde6bad08bbb73813649cc6a223f837c02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5595.exe

Filesize
184KB

MD5
eb19ce6688e071ca99a10c0f64dc141d

SHA1
ffd48132605ca041b1da3096eee394d090123cec

SHA256
4e8d28a7bb28eea940461e80705e54e5778bf12cd44d1d099a5d74663f63a792

SHA512
8aaba1c751a39aa83a59e79fd3eff10e032f4167f21a48e792bf3e0bc438d52755c35c066bc8031f5e5f911576e29c9e94a32d146a14528e2bf0f38e37b49f4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe

Filesize
184KB

MD5
8e8833d6427135f1bfc6ede2e5a3c5d9

SHA1
488d7abf663aa082ac7b61d571b89b0c3efaa7d8

SHA256
c2e6f8b0edcb56428c194f749e9b4bdb57dd890804377c07b69b4b8dd1f9d6b4

SHA512
03ecddbd5cc9aae4bffef61bd9080b22f842cee3f11c038348e69cddca0ca0fc835132d0129847bdbaaeb4d39b93b037a4d1d3f50b013af76d5e7c3b1bf656b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe

Filesize
184KB

MD5
a50d03892a81f529b365553f1ba05aa6

SHA1
80ce51dc932bf69bd606ca2a13cf10fe45540c49

SHA256
9a3d7dce9962d921d01d6f99d69745b23a6716701a176090fb68d02e45b41bb1

SHA512
4222541b066c0eb3943aaa8648abb6bbc922a807f72d7ec0fcfb38116b90254102e3ef9ccd8a3c3dc0c8657d360406991ca4e9a625e10605d5e2a5e1e18717f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe

Filesize
184KB

MD5
ade6a5b23add83ec75957489e50a1819

SHA1
4e6352b8abc83bea81a7c42922444ad4de01d3d9

SHA256
1175bdee7a0f7be2cf563dd383ea264004e4e6f01543e5a607c2f8fffece39fe

SHA512
e0ba35078535b8a37e436769cc3c8ff5153dff703fda9851ef8a478064a5504dfc338b3fc915d454921a89b7c230a5fc33a709b55ea6ec1d3607433b0c64bedc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe

Filesize
184KB

MD5
f98dc38c86500c6b2c746f92c2d68283

SHA1
72bd6ac32a3d98f92c429171bf11c623ecf89ee0

SHA256
8b3dc8fbc74dc600e484d10d029fe0efc8d78d941ea618de5e3c1d884f3e99d4

SHA512
859acd4c539795168727c1b9374d2e07392ef590786385411a24b718653b02b9b8eedf27520852b57eb5238c5992a686fcc45bbcd3239eb279ecdb807e3bfd00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe

Filesize
184KB

MD5
24f8b03325a66412ff6ee822a05592c9

SHA1
87a25241714695af403ddc277618bac7aa031c57

SHA256
b1e6cb8a453f48c037999133f09fd4ee7453fd2286cdf43da896ecbcddb161fa

SHA512
b8583b5e1f0576d8d9b3cbeec5d9acbd9c469d96146730c1a10a61ba5aec1db081af92c8c9adccab9b73ab43c41954f0afa55aaa1805b3c452abfa5061e6e61d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe

Filesize
184KB

MD5
a4476ed0d62b84e12c15d92ed185f505

SHA1
7ba87ff386b0af7da666fe7fb5a6ed4629ddeaea

SHA256
96eeb4e5f47db824d600fe74009e01397f67d1f5b8df99bbb074454f607d08bb

SHA512
8f3c03a2d6f5c95349e78a8633157379d7fca2174a4dac23897c307b31fae29e05705c057f77fad70768fd4f0a775edce4687db8e28132c306dae9367a87c388

Download Submit
memory/6488-3014-0x00007FFAC9250000-0x00007FFAC9445000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads