1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe
Size

468KB
MD5

4e2c3ccaaefb84243cf38d84fbfb47b0
SHA1

5a6197a8500ef43d421f2d020fd3a8128e7e7c9b
SHA256

1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32
SHA512

2ac9d1b1a057b897c5c724064fb9947d2b62daf224ff015022da43b4cc27cb9b0afdc9c081000845de11f2273685c7ca8ac8962070f134e3593baea6e789b713
SSDEEP

3072:1GeeoEIVq05UubYMH5cOcf8/LChsZ0p1nFHewVPxoPp+7S0sv4l/:1GXom8UuTHSOcf6Yi2oPg+0sv

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1608	Unicorn-63869.exe
1264	Unicorn-34259.exe
4576	Unicorn-10309.exe
1136	Unicorn-45525.exe
836	Unicorn-52302.exe
1364	Unicorn-2546.exe
1028	Unicorn-57869.exe
4420	Unicorn-18665.exe
5096	Unicorn-47253.exe
4684	Unicorn-27387.exe
5064	Unicorn-47253.exe
1032	Unicorn-37039.exe
1380	Unicorn-23303.exe
2236	Unicorn-4274.exe
4668	Unicorn-40766.exe
1740	Unicorn-55011.exe
4780	Unicorn-55011.exe
3068	Unicorn-55011.exe
400	Unicorn-3764.exe
3416	Unicorn-50927.exe
1428	Unicorn-55566.exe
5016	Unicorn-964.exe
456	Unicorn-5545.exe
2184	Unicorn-65217.exe
4636	Unicorn-51482.exe
384	Unicorn-9894.exe
1240	Unicorn-9894.exe
1416	Unicorn-44705.exe
532	Unicorn-36297.exe
4624	Unicorn-39727.exe
4572	Unicorn-832.exe
4564	Unicorn-19215.exe
1460	Unicorn-19215.exe
3824	Unicorn-46220.exe
4500	Unicorn-33967.exe
3988	Unicorn-9448.exe
3316	Unicorn-56511.exe
4600	Unicorn-54108.exe
2448	Unicorn-57066.exe
3344	Unicorn-31815.exe
2596	Unicorn-31815.exe
1424	Unicorn-52235.exe
2656	Unicorn-37845.exe
2808	Unicorn-44622.exe
4196	Unicorn-55557.exe
876	Unicorn-64487.exe
1908	Unicorn-29677.exe
4484	Unicorn-15021.exe
212	Unicorn-55358.exe
2976	Unicorn-60958.exe
2932	Unicorn-9156.exe
4996	Unicorn-9156.exe
4460	Unicorn-26553.exe
2372	Unicorn-36759.exe
3384	Unicorn-1856.exe
4152	Unicorn-48919.exe
3220	Unicorn-3537.exe
4368	Unicorn-3537.exe
4516	Unicorn-26361.exe
3388	Unicorn-61726.exe
1700	Unicorn-16055.exe
2452	Unicorn-57642.exe
4396	Unicorn-22853.exe
3152	Unicorn-35197.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
16092	15984	WerFault.exe	762
16912	3384	WerFault.exe	146
16876	5700	WerFault.exe	240
17036	2596	WerFault.exe	129
17156	3220	WerFault.exe	148

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-76.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65217.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1968	dwm.exe
Token: SeChangeNotifyPrivilege	1968	dwm.exe
Token: 33	1968	dwm.exe
Token: SeIncBasePriorityPrivilege	1968	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe
1608	Unicorn-63869.exe
1264	Unicorn-34259.exe
4576	Unicorn-10309.exe
1136	Unicorn-45525.exe
836	Unicorn-52302.exe
1364	Unicorn-2546.exe
1028	Unicorn-57869.exe
2236	Unicorn-4274.exe
1380	Unicorn-23303.exe
5064	Unicorn-47253.exe
4684	Unicorn-27387.exe
5096	Unicorn-47253.exe
4420	Unicorn-18665.exe
1032	Unicorn-37039.exe
4668	Unicorn-40766.exe
1740	Unicorn-55011.exe
4780	Unicorn-55011.exe
3068	Unicorn-55011.exe
1240	Unicorn-9894.exe
400	Unicorn-3764.exe
1428	Unicorn-55566.exe
1416	Unicorn-44705.exe
384	Unicorn-9894.exe
2184	Unicorn-65217.exe
3416	Unicorn-50927.exe
456	Unicorn-5545.exe
4636	Unicorn-51482.exe
5016	Unicorn-964.exe
532	Unicorn-36297.exe
4572	Unicorn-832.exe
4624	Unicorn-39727.exe
1460	Unicorn-19215.exe
4564	Unicorn-19215.exe
3824	Unicorn-46220.exe
4500	Unicorn-33967.exe
3988	Unicorn-9448.exe
3316	Unicorn-56511.exe
4600	Unicorn-54108.exe
2448	Unicorn-57066.exe
3344	Unicorn-31815.exe
2596	Unicorn-31815.exe
1424	Unicorn-52235.exe
2656	Unicorn-37845.exe
4196	Unicorn-55557.exe
2808	Unicorn-44622.exe
4484	Unicorn-15021.exe
4996	Unicorn-9156.exe
876	Unicorn-64487.exe
212	Unicorn-55358.exe
2932	Unicorn-9156.exe
2976	Unicorn-60958.exe
4460	Unicorn-26553.exe
2372	Unicorn-36759.exe
3384	Unicorn-1856.exe
4152	Unicorn-48919.exe
3220	Unicorn-3537.exe
4368	Unicorn-3537.exe
4516	Unicorn-26361.exe
3388	Unicorn-61726.exe
2452	Unicorn-57642.exe
1700	Unicorn-16055.exe
4396	Unicorn-22853.exe
8	Unicorn-41327.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 1608	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	85
PID 4992 wrote to memory of 1608	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	85
PID 4992 wrote to memory of 1608	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	85
PID 1608 wrote to memory of 1264	1608	Unicorn-63869.exe	86
PID 1608 wrote to memory of 1264	1608	Unicorn-63869.exe	86
PID 1608 wrote to memory of 1264	1608	Unicorn-63869.exe	86
PID 4992 wrote to memory of 4576	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	87
PID 4992 wrote to memory of 4576	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	87
PID 4992 wrote to memory of 4576	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	87
PID 1264 wrote to memory of 1136	1264	Unicorn-34259.exe	88
PID 1264 wrote to memory of 1136	1264	Unicorn-34259.exe	88
PID 1264 wrote to memory of 1136	1264	Unicorn-34259.exe	88
PID 1608 wrote to memory of 836	1608	Unicorn-63869.exe	89
PID 1608 wrote to memory of 836	1608	Unicorn-63869.exe	89
PID 1608 wrote to memory of 836	1608	Unicorn-63869.exe	89
PID 4576 wrote to memory of 1364	4576	Unicorn-10309.exe	90
PID 4576 wrote to memory of 1364	4576	Unicorn-10309.exe	90
PID 4576 wrote to memory of 1364	4576	Unicorn-10309.exe	90
PID 4992 wrote to memory of 1028	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	91
PID 4992 wrote to memory of 1028	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	91
PID 4992 wrote to memory of 1028	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	91
PID 1136 wrote to memory of 4420	1136	Unicorn-45525.exe	92
PID 1136 wrote to memory of 4420	1136	Unicorn-45525.exe	92
PID 1136 wrote to memory of 4420	1136	Unicorn-45525.exe	92
PID 836 wrote to memory of 5064	836	Unicorn-52302.exe	95
PID 836 wrote to memory of 5064	836	Unicorn-52302.exe	95
PID 836 wrote to memory of 5064	836	Unicorn-52302.exe	95
PID 1364 wrote to memory of 5096	1364	Unicorn-2546.exe	94
PID 1364 wrote to memory of 5096	1364	Unicorn-2546.exe	94
PID 1364 wrote to memory of 5096	1364	Unicorn-2546.exe	94
PID 1264 wrote to memory of 4684	1264	Unicorn-34259.exe	93
PID 1264 wrote to memory of 4684	1264	Unicorn-34259.exe	93
PID 1264 wrote to memory of 4684	1264	Unicorn-34259.exe	93
PID 1608 wrote to memory of 1032	1608	Unicorn-63869.exe	96
PID 1608 wrote to memory of 1032	1608	Unicorn-63869.exe	96
PID 1608 wrote to memory of 1032	1608	Unicorn-63869.exe	96
PID 4576 wrote to memory of 1380	4576	Unicorn-10309.exe	97
PID 4576 wrote to memory of 1380	4576	Unicorn-10309.exe	97
PID 4576 wrote to memory of 1380	4576	Unicorn-10309.exe	97
PID 1028 wrote to memory of 2236	1028	Unicorn-57869.exe	98
PID 1028 wrote to memory of 2236	1028	Unicorn-57869.exe	98
PID 1028 wrote to memory of 2236	1028	Unicorn-57869.exe	98
PID 4992 wrote to memory of 4668	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	99
PID 4992 wrote to memory of 4668	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	99
PID 4992 wrote to memory of 4668	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	99
PID 1380 wrote to memory of 1740	1380	Unicorn-23303.exe	104
PID 1380 wrote to memory of 1740	1380	Unicorn-23303.exe	104
PID 1380 wrote to memory of 1740	1380	Unicorn-23303.exe	104
PID 4420 wrote to memory of 4780	4420	Unicorn-18665.exe	105
PID 4420 wrote to memory of 4780	4420	Unicorn-18665.exe	105
PID 4420 wrote to memory of 4780	4420	Unicorn-18665.exe	105
PID 5096 wrote to memory of 3068	5096	Unicorn-47253.exe	106
PID 5096 wrote to memory of 3068	5096	Unicorn-47253.exe	106
PID 5096 wrote to memory of 3068	5096	Unicorn-47253.exe	106
PID 4684 wrote to memory of 3416	4684	Unicorn-27387.exe	107
PID 4684 wrote to memory of 3416	4684	Unicorn-27387.exe	107
PID 4684 wrote to memory of 3416	4684	Unicorn-27387.exe	107
PID 4576 wrote to memory of 400	4576	Unicorn-10309.exe	108
PID 4576 wrote to memory of 400	4576	Unicorn-10309.exe	108
PID 4576 wrote to memory of 400	4576	Unicorn-10309.exe	108
PID 1364 wrote to memory of 1428	1364	Unicorn-2546.exe	110
PID 1364 wrote to memory of 1428	1364	Unicorn-2546.exe	110
PID 1364 wrote to memory of 1428	1364	Unicorn-2546.exe	110
PID 4992 wrote to memory of 5016	4992	1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe	109

C:\Users\Admin\AppData\Local\Temp\1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe
"C:\Users\Admin\AppData\Local\Temp\1cbabb746394b0948b3b473cc99563112697658ecc7c03b9de1e0d659944fd32N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        9⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
        10⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        11⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        11⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
        10⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
        10⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
        9⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        10⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        10⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        9⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        9⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        8⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        10⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48730.exe
        10⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        9⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        9⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        9⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        8⤵
        
        PID:16580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        8⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
        9⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        10⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        11⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        11⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        10⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
        10⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        9⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        9⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
        9⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        8⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
        9⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
        9⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9865.exe
        9⤵
        
        PID:18296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        8⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
        8⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        8⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        7⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        7⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        7⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55732.exe
        7⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
        10⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
        10⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        10⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18886.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
        9⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        9⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        8⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
        9⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34495.exe
        9⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        8⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        8⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        8⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        7⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        7⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        9⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        9⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe
        9⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        8⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        8⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        8⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51005.exe
        7⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34622.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        8⤵
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        7⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32992.exe
        6⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34285.exe
        8⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39599.exe
        9⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        9⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        8⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        8⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
        8⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        8⤵
        
        PID:18148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        7⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        7⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        7⤵
        
        PID:17372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14445.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        8⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        8⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
        8⤵
        
        PID:17956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        7⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        8⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        7⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        6⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32979.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28339.exe
        7⤵
        
        PID:18076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        6⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34285.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        8⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        9⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        9⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        8⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35030.exe
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
        7⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        7⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        7⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        7⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41541.exe
        6⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41525.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe
        7⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        7⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        6⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
        6⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
        6⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37865.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        5⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        6⤵
        Executes dropped EXE
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57357.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        8⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        7⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
        7⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62494.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        6⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        7⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        8⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
        8⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        8⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
        7⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        7⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33562.exe
        7⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16922.exe
        7⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        7⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23640.exe
        7⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36209.exe
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14069.exe
        6⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58829.exe
        8⤵
        
        PID:18332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
        7⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        6⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        5⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        5⤵
        
        PID:13464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        8⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        7⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8130.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        7⤵
        
        PID:18004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24176.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27683.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56028.exe
        6⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53055.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
        7⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        7⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        6⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        6⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        5⤵
        
        PID:18060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        7⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
        7⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        6⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        5⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        6⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
        5⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        6⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17158.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24376.exe
        5⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        5⤵
        
        PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        5⤵
        
        PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
      4⤵
      PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9100.exe
      4⤵
      PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
      4⤵
      PID:17328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
        9⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
        9⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        8⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        8⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
        7⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
        7⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
        7⤵
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15984 -s 240
        7⤵
        Program crash
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3184.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        5⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        7⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        7⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
        6⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        7⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
        6⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27848.exe
        6⤵
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
        5⤵
        
        PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37605.exe
        5⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        7⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16390.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        6⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        6⤵
        
        PID:14304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        5⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
        5⤵
        
        PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        8⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        8⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        7⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        7⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        7⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46900.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        6⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        6⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        5⤵
        
        PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        6⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        5⤵
        
        PID:13328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        5⤵
        
        PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
      4⤵
      PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
      4⤵
      PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
      4⤵
      PID:7816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        7⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56067.exe
        7⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        7⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        7⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47719.exe
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        5⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        8⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        8⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        8⤵
        
        PID:18224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        7⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        7⤵
        
        PID:18232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        7⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        7⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        6⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        6⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
        7⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
        6⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        6⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        5⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        6⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46940.exe
        6⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
        5⤵
        
        PID:14356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        6⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        6⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        6⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        6⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        5⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
      4⤵
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        6⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        7⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        6⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        7⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        6⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        5⤵
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        5⤵
        
        PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9171.exe
        5⤵
        
        PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
      4⤵
      PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
      4⤵
      PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:18316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        8⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        8⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        7⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
        7⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        6⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
        7⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe
        6⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        5⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        5⤵
        
        PID:11840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 504
        5⤵
        Program crash
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe
      4⤵
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
        7⤵
        
        PID:14744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
        5⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        6⤵
        
        PID:16992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34495.exe
        6⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        5⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53993.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36323.exe
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        5⤵
        
        PID:18428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
      4⤵
      PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
      4⤵
      PID:14580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        6⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
        5⤵
        
        PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
        5⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
        5⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
      4⤵
      PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
      4⤵
      PID:14760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
    3⤵
    PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        5⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
        5⤵
        
        PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
      4⤵
      PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
      4⤵
      PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8562.exe
    3⤵
    PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
      4⤵
      PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
      4⤵
      PID:5704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
    3⤵
    PID:11188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
    3⤵
    PID:16676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
    3⤵
    PID:16656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2546.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27547.exe
        9⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        8⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        8⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
        8⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50084.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        7⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        6⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3405.exe
        8⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
        8⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
        7⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe
        7⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17106.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        6⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        8⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        8⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
        7⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        7⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        7⤵
        
        PID:18216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        6⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44681.exe
        7⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        7⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
        6⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
        6⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38104.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        6⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        5⤵
        
        PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        5⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        6⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe
        8⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        7⤵
        
        PID:15432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20178.exe
        6⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
        5⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        6⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26613.exe
        7⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        7⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        6⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55545.exe
        6⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
        5⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        5⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        5⤵
        
        PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        8⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
        8⤵
        
        PID:728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        7⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 652
        7⤵
        Program crash
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3257.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        6⤵
        
        PID:17712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        5⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        5⤵
        
        PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39355.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
        7⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
        6⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
        5⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        5⤵
        
        PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        5⤵
        
        PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
      4⤵
      PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        9⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        9⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32096.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        8⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        8⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        8⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        7⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40445.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
        8⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        8⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        7⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        7⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        7⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        8⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
        7⤵
        
        PID:18404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14632.exe
        6⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        7⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        7⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64402.exe
        7⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
        6⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        6⤵
        
        PID:18180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        5⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22853.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
        7⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12219.exe
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        7⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        7⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15596.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        6⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53911.exe
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        7⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
        5⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5232.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        6⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
        6⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        5⤵
        
        PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
      4⤵
      Executes dropped EXE
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
        6⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        6⤵
        
        PID:18188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44219.exe
        5⤵
        
        PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
      4⤵
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        6⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        6⤵
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        6⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        5⤵
        
        PID:10428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        5⤵
        
        PID:18144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
      4⤵
      PID:12212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        5⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        8⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        7⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
        7⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18791.exe
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        7⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        7⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
        6⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        5⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
      4⤵
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51031.exe
        5⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        6⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12219.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        6⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        6⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        6⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        6⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
      4⤵
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
        6⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        7⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        7⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16635.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        6⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        6⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        6⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23006.exe
        5⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10613.exe
        5⤵
        
        PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
        5⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
        5⤵
        
        PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
      4⤵
      PID:16000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        5⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38154.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
      4⤵
      PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
      4⤵
      PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
      4⤵
      PID:11592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
    3⤵
    PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
      4⤵
      PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47867.exe
      4⤵
      PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54672.exe
      4⤵
      PID:12884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
    3⤵
    PID:10436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
    3⤵
    PID:14496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe
        9⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        8⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        8⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        8⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        7⤵
        
        PID:18416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        6⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        7⤵
        
        PID:17936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
        6⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
        8⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        6⤵
        
        PID:18368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        6⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
        5⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
        5⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        5⤵
        
        PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
      4⤵
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        6⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
        5⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        5⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        5⤵
        
        PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        5⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
        5⤵
        
        PID:12220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32992.exe
      4⤵
      PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        7⤵
        
        PID:18304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7820.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        6⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        5⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        5⤵
        
        PID:11336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 744
        5⤵
        Program crash
        
        PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60463.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe
        6⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
        5⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        5⤵
        
        PID:16676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        5⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        5⤵
        
        PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
      4⤵
      PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
      4⤵
      PID:16664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        6⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20063.exe
        6⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
      4⤵
      PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
        5⤵
        
        PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        5⤵
        
        PID:18324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
      4⤵
      PID:11864
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 720
      4⤵
      Program crash
      PID:17156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41525.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
      4⤵
      PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
        5⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        5⤵
        
        PID:18096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
      4⤵
      PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2558.exe
      4⤵
      PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
      4⤵
      PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
      4⤵
      PID:18116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
    3⤵
    PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
      4⤵
      PID:16124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
      4⤵
      PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
      4⤵
      PID:12944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
    3⤵
    PID:12136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
    3⤵
    PID:17120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
    3⤵
    PID:336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        7⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        6⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
        6⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19540.exe
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        6⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        6⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13869.exe
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50429.exe
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        6⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        6⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        5⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
        5⤵
        
        PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30676.exe
      4⤵
      PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        5⤵
        
        PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
      4⤵
      PID:14852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        5⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        5⤵
        
        PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15571.exe
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32979.exe
        5⤵
        
        PID:14320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
      4⤵
      PID:14292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
    3⤵
    PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        5⤵
        
        PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
      4⤵
      PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-844.exe
      4⤵
      PID:12360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
    3⤵
    PID:8120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
      4⤵
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
    3⤵
    PID:9884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
    3⤵
    PID:14988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
    3⤵
    PID:8608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52235.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
      4⤵
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
        6⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        5⤵
        
        PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46900.exe
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
        5⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32096.exe
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
      4⤵
      PID:16012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50434.exe
    3⤵
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        5⤵
        
        PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
      4⤵
      PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59185.exe
      4⤵
      PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
      4⤵
      PID:16792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
    3⤵
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
      4⤵
      PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
      4⤵
      PID:14064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
    3⤵
    PID:10116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        5⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
      4⤵
      PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
      4⤵
      PID:12308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
    3⤵
    PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
      4⤵
      PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
      4⤵
      PID:6116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
    3⤵
    PID:10776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
    3⤵
    PID:15160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39149.exe
  2⤵
  PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
    3⤵
    PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
      4⤵
      PID:12052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17647.exe
    3⤵
    PID:8456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
    3⤵
    PID:13088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
  2⤵
  PID:6344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
    3⤵
    PID:12748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
    3⤵
    PID:17344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
  2⤵
  PID:10504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59112.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59112.exe
  2⤵
  PID:14788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 15984 -ip 15984
1⤵
PID:14832

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe

Filesize
468KB

MD5
a1c345743e759a7c3bdd48f3cca84d66

SHA1
6f065b1d9a2d92b51138b0fda030a2f157bf0108

SHA256
4412f5e02b5da19e3dc6d09ddffb6cf9e75b7f818d89a847a90e619938a6fd7e

SHA512
55a8cb6127c62cdad73fb7a4cd97be70c5b2fda832c8f53fc02aea33ee75df8a8be31c8ef8bbaa129b73eec5723611ecdc9f5961f74ea4b251a7be74ab2556aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe

Filesize
468KB

MD5
fc8964cb8857858e2f8cde1879329fac

SHA1
8d24e34e1db2af240c501a939b7bea0842313305

SHA256
543b87af25c773d9324c93c1eec10ef845292435436f2a1b9f7b35bc4ad2bef8

SHA512
e7f66467b8cae609dafdbbe22ef44d9c215bc10508b5fd17f3a79b5b0690c844c7bc66abfadb1e4f50c1300c91a3deb898705b074252a38499c726314c565bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe

Filesize
468KB

MD5
a9c036864423785427aa212116d82cca

SHA1
294523ca327f8fafda39924d89a98788c4b2c562

SHA256
87a7df03fdfca2af9915f2f27dd5c06698b209b763358b5ece1c7d0728d2bab8

SHA512
db2ebd0ef9721bd04f4b8e9c049b04e5abae9350770594606c2569375c3856d4eb727a4e237ac9421dd6ad19203aa9a72a55e82d1c861a6a0dc5171b8c68e2a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe

Filesize
468KB

MD5
10cb583eb47c3a3218a8c221ec13e669

SHA1
62bc81e51f7e00acd9a126e8bcd6af4168812daf

SHA256
1dee93ec5deb649c5a6a0b1245132d33aebb5215201215f7cc4848676b913b53

SHA512
398bc2503d5247bbe17bb5f959c899928d4ef98d9fc19b6a31fbdfd88293eee3b3bea8845a617cc0a0d8871a885e3c7a919434f13fd873f9a1cf4acaa939ea53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe

Filesize
468KB

MD5
735eabd7019be94bcd96f72640bb85d1

SHA1
f093b43ee54953bc41fc25964228d84f60fdf93c

SHA256
e25c0664f628b5f8f6414231e830aba69f3d459bc398aa837ec391ee9f063f63

SHA512
c81dd56271c9d76d6e7dd0a56cb07f71c239daa4a96ae2ecb5b6cf0c1ceb5e38c781ffceb896b263bf856fe36a746d7c03343100b235ccfc88139e5531625829

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2546.exe

Filesize
468KB

MD5
1e50727af10fcb394cff0c4dabed6c58

SHA1
ad3824ba53bb7524ff731ab1b91277de292cd0de

SHA256
39dce6d4b664e86aa6a4f72b7e1f9297abf7b8d9fbf89eb25865fdf7200290a2

SHA512
9d5b31c6e84f30a1037e1c7c368b8e9252f66901559749a9e3d48992777ea2d99b065694206ec80263ad883a3dbfa53138bc58abc8a95ce0c86a78e0d4777d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe

Filesize
468KB

MD5
47780bc6d3b8377cc385f0489eb33d48

SHA1
eb9076f555c63d75bf06ff0c01c93e1ce5233cc5

SHA256
1b1c1dfbdc23a6d989a97bae70339e0758dc414f0352d04811ec73aca57f3ae6

SHA512
c5d3f6f90497e0e20b25fc624e4c4b2bd2548096e83e33898b364756d9e3f84c7fb56e1526f7a2ac8b0f34cce22283b8da13b6402591673e6c29039ac9f71f22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe

Filesize
468KB

MD5
337e695f625602afe5bc08439afc23e4

SHA1
4e5394b4f0390a2d0c94c194de4dbc0ce50a05d1

SHA256
ab4b209a3cf96bd34c0f3435392ee75016680e72b15acfe1ddc86bf094d0c76a

SHA512
a70745b8d56463ff217c85e8dfe0940bbb791b7947bfbb311471098806c387af594173105b910ec7461378c80c9a7eec88058327cc991ce2a7d9955f7883e803

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe

Filesize
468KB

MD5
1c168fd386de40e85db9f017e45805af

SHA1
697c2737332b0fd7c49dad5c839624b28c8d6ca3

SHA256
d183e6a9cb135b5315559d55cb1f651958c5b84b1be4b2e1975ef46807e75af8

SHA512
646e06acc675a47add3cc8a2f00791d9fc08c0e07d3ba64e9ea5630fc6c1c2fedf77c7a1ca10d6de2187db532f591f8747faef8225f77ca0134d897377b0e340

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe

Filesize
468KB

MD5
2b626fde7c508bf2b5eb2ef24d318a8e

SHA1
16ceb37b5fce0023b76be2e8a784391e7f87c0f7

SHA256
92978d6e12dcbf240036c26c35cb12b3ad3e0961030ec1d129228b37643b313e

SHA512
ef78f528a3ab9f7f69e68ceea093f75000d3dd38851009d597469535ca26d0e5caee9827a06cc0ac0d47943d4fb628094d35f34e25d790eeaeb124902ff42f99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe

Filesize
468KB

MD5
0032a6078021e8445015f73c7ce5551e

SHA1
997c1e70d9d7c782fc01a11c1c2ba959d0fc0d1a

SHA256
c7319e38e6e26a1a36bf83b447d5eaa9597811f100c41b8fdff79ac7b03be8b9

SHA512
6c40d246122abb6eae39be10a5b99914ee33af66d6f7824aa3292373ba34e51b292fb82890d9883fb2b03fd7f899002c2cba0c50aeee791d7e2ae1399c42a798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe

Filesize
468KB

MD5
34dc350a67b077bb2b4a3ff4c367f4e9

SHA1
8921a584d0356fba50b3b39d675e3dc3df6beb0f

SHA256
670249925a87a12d2c2cee2f36df243655bd1d75041da70f1db4273760a914e9

SHA512
7bd1124cffb61331d8eaf27b57875d3b63ebc3a803aa9d00b07f4aab84b9a1a969f442a63efed8a5d4ae1e0125200b1cb1355aab26b387806c0363c1847cda80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe

Filesize
468KB

MD5
5c071dab0c496d8c0773b8d5fc159b6f

SHA1
d541dcb9b714f7a3469259b1c5beeadc48f1f6f3

SHA256
7959c88cf88525e0ff1a592c777aeab1686cc3b58497dab820706241a5f91205

SHA512
ed275fc526a5dc98d5f133918b4dc8de7ee6f8ce4a033df1e36eedce63d1dce5f9bcff290c570c76cb99c2e661c2c97a866003648198b3dcb7ec975d22e9d10a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe

Filesize
468KB

MD5
8b39b0cccf47a415dd0733fa5884bdd7

SHA1
96bad9dfd8b2b84efa4bc657c22e58f11d0b5609

SHA256
43055738b5145ad940b3a1eb5be69cb3c54ea2dcee4a415528fa60c413a93846

SHA512
75cf9168239dce2ad260d68e8d0301c463c3ac39fddf46d5c20149cd71b83da38397970bb3063fb6ca4662cae5dcbc707d4e1bde6a2edf370761b8389ad18f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe

Filesize
468KB

MD5
119c2dcf5ec3ae5ad925ce84cea05c03

SHA1
a0d358fbf0d3508c68f2907ac5b8ab9b77d5adcf

SHA256
26c99475aa6ea41c8c658f9db706fa6cc0d400a877e2edee6e906087af646970

SHA512
096db7f682951e57684c58f21fb679bf308064f612ed056b2b31fa43fa8b032906cae7abe9ce1d7b5cf4241de8b55145d8a02e242b178db14841c5665ce4edc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe

Filesize
468KB

MD5
b0eebc114e78a3c0942a66ffa9662fe8

SHA1
059017f4a7598df701256d5341bc393c552410b8

SHA256
f98c862e9888f2e9c3c30d58a5a3fd467b022f2cd05e712e4a6890dc6d206d2a

SHA512
bc28e55e61d567e80a319edb08a56e136b718a960d8e27e574f798af7ebfa37f7f1396076e0981c9e8096527a3b7736fd475d5e78eda3fe4bd74a79f29a537e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe

Filesize
468KB

MD5
032ec0ae6a80c59335064a93b8c1e3dd

SHA1
4712e5d874f6eb9191a24f7295911e7512be12f7

SHA256
0bf87bf4f63a25c1869326423ba5e40f5f216334931e6786721e3a1620e290e6

SHA512
1c90f7b1b9d30ce5e124113831e3eadc64cd3ae287cbf60c509a0259acad2ef140f6cb03209cb12a429ee83ee64f5278ff0e524026b230a051188136dc13f46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe

Filesize
468KB

MD5
c82a4192f5772282e0b74093c018bafa

SHA1
8ff1788115d19e14e8443b5154f21999af395dc2

SHA256
a94414cf4d948717f4132e9f5b86b6557a9b3311cf5f0cc6c8f1df18e938b328

SHA512
4b74cd0f4c2c8f5101bb25e9c92c1bf99ec6f43ef8bd338fadaa4c1022ffe94e8dc3a70ec6200ea00067671db1e733c61bf932ccbb037806b4ea412545634cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe

Filesize
468KB

MD5
99921d74139556066004d3147184798b

SHA1
2096d1817f4aca61b4feddb523b6847f1bb42cb8

SHA256
96fe90496c79d11678ece9b2875a3004f0d29008da5eda8ba06645207eb4518a

SHA512
764a45f60b25e25e4cce44c51acd2d3731b72c0ce7fab416a6f66ebf1d439b2a2fd46321ebbcfed2c50f5066938580ab5f6ecbf9f3d31ccae329c16b8d993e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe

Filesize
468KB

MD5
f8711e4df7385bfaf9d60c0d67fe761e

SHA1
5190534299a197c4c37f201834f42d7ac995f5c3

SHA256
167fb3fce537aa562321467a5f79e88ef2051d7884e06fd3a39a8089b39c34fa

SHA512
c06879310605c07cbe6ee4f9506a219218d66b4082e700521c2fa6eae787d81032346b6723bd0eafd5efb5788991fcc034b56d9a7aa6023c88de55873b86e5ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe

Filesize
468KB

MD5
fba18708dcbfb95ab91452742e8659aa

SHA1
1f5ee79dbaa23eff5e96aca217588af36213fae5

SHA256
624c8d5950193a919c75d2d3ef65bd3dd8ef7e39e9f9a68175643f7508c36549

SHA512
7f9876834d7c9027a6a4c5ddc8c222172870b343d6036b3686a80e131b7a0c4cb36d6118bff0b5d4a98271e6dfe0300c56e53fbf5fee7219473601ca2d53f7b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe

Filesize
468KB

MD5
14f8714f574e237cf4c6d41b42db1429

SHA1
993935a3e7f1f246dc81763c22fa8056c45cd7c3

SHA256
4fc30f8755cb2b21e1e88d902083d769b6c678b73d94e4e801509aadb9ef329b

SHA512
efcab9cfd41c52322b7b851577db1efc21651afb48b760c0e81cb98272cbbbfbc991655e6138ddf5437cbc7c2f248bf3276f57066518e1e1d27fbf450841654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe

Filesize
468KB

MD5
4838ca78307d86c9ed96c1ec9a24a484

SHA1
cd15a9101eea9c7a0a12fcec3b46850ab95bd06b

SHA256
8efc6640e22ef100b3ef659a910d3513605af030c2ae007e69bc797a160225f9

SHA512
5c8d0662f6a5c5ca6fbfe6dffb72541cceeb29e0ab0ce78bc01afa13fc2e5c770fcd7b03e6ecc43497df361b62d103eff9978c286f052379c253fdcffb2268a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe

Filesize
468KB

MD5
f79801750a906a5f9dcbf8c219fce921

SHA1
8001d6dc2404b437faeea71d20d6ea24179d9242

SHA256
a90128718c434b4ee1ebda0d27b991297c686c716bc03eeb2e9610bbd1ab4ae7

SHA512
a54b15d4cff1a4cf73f0ba58438791694b57eb84db0729accde80dd0c7a6b3a9dc99ea9d59546ccc362477404d6fddfa8b466b39bf4dd105490437f29514c4ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe

Filesize
468KB

MD5
a95cde7e8e9e54dcb3cbadb277dafc58

SHA1
eb25a1d5be57f60a1f706f3c482ce1a6b3920b8f

SHA256
e372c1ab1c041807aa159f4b4a6a012e549da55e867b78ecaaf26e04093772e4

SHA512
c2948fe736e0948f3c3874506af88500559ad1fe4c6d56f29ab518a38f64762f864bec729003c7843fcb41507cac3c32bd5f72798c48df1132b3219cafb4dfd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe

Filesize
468KB

MD5
bf2673dad18698759ad3cce6477f4c88

SHA1
ec7a5561de5cb410f7b6e04037f2af7d7b98b1ab

SHA256
c60f87027e6d642e6efb242e9404c9d1f58cecaf85e0a2037cec082f03f53a5a

SHA512
766ab06d9055abdce55e6d910fd26772226d3e6ba7f3934de18f3ce0ad5dc4dba9c2d9a72811ae04ddaa43f89c3cfb07f881976ad1ca98d142a5d551774cbf81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe

Filesize
468KB

MD5
6ac539e21115a9989f4d34d952a6c05c

SHA1
8ac31ae8f2f6b970f361e8f1d1da17ce2b17b36c

SHA256
cdd5d323798c5807e9ae69be269bcf6465389a3ffc5e642fda42a00f81fc87fe

SHA512
22d2ef4bbcaa50ee1d748f1472926e3a967d36e8090cda9d81fb8301aceebcace00d38e9583333eec737c77a4038823b120e1c9102e2c82470bcb5c52dc11358

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe

Filesize
468KB

MD5
0fd9bbd6ac5e6b649204d0a56a6ecdf9

SHA1
80d310b9ab5cf6692eda90a610ccf3ca817ce47a

SHA256
2570c61db094f0ef10108fa33f355a922c109dc9077c606383db3e124c64c9fb

SHA512
d079778c1530af8ddfb9e737b481f8d6d28eb8145b2a51de0d9dde182bf3bfd657bf629bf1d87ff11ca2a5d4f750ed167845b6b4aa968b0837065fc601c21c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe

Filesize
468KB

MD5
36fe936de3a0d69eefe4078f5c0e8d14

SHA1
ac1220a22fc063d3d1dd1e700dab1784e7d4827f

SHA256
aebbb324b1376e4be0ad6e14dedebe6992329bccd5d4d6b7de8de8323f819f11

SHA512
ef29459acaf1c5e0f2fc1494a6ecb90fc03db82ddc24a5e7874a8a4bdc2df688ea09383ea4d7edfcdc9fdaa4d392265e9801df9f43f31d835cbfefcdd2cfe50f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe

Filesize
468KB

MD5
4d5e46956f0f29dbedc926ac4d768b0f

SHA1
f4cf409da7311d963a135ef66aaba157dfbdd1de

SHA256
ea6471014368ff92dd6e5040d69bc022bdb15f44d03b25bf83b5145c5573ac60

SHA512
80fe2686dffffdf03c100b61d2d3e790cfdf15407e3288da6432eb4eae08aa3086f22d825cfbd8407b47f2cde3e2d29c52b2e17cb3b1941da952d24c464178ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe

Filesize
468KB

MD5
9efa07650b525a3cf659eb2ca97512d1

SHA1
3270e8867cddfa6a9027b6100db3edde21e2133d

SHA256
ac38103324f2a8e30d0d953052c64d64d67e4d9de5d70f84f36c4c9069881e6c

SHA512
fd0df04c7ca91b44494021dbd04bed61103f5ce6187e3356ba4bb7514f425f3c7781fa08ff16972c5cff7bbb5260a8113bb0993e6a0477ca6a446a15ed0f5618

Download Submit
memory/16604-2548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads