a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fd

Analysis

max time kernel
114s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe
Size

468KB
MD5

3471e2d8c69060e0766eb3e9d567a260
SHA1

271c8735fe0f813bbedcab2713c4d4bedf603a3e
SHA256

a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fd
SHA512

47c89f721f455d7cd91a6e1bf9206dda746b9bb8b0623777b7bd4d17240360782cd2064141210ef2e1ff9d1cbb60c5fcfed354f670bdcc3e7278fe13034fc469
SSDEEP

3072:VPqjovOWIg5vtzYZJgu5OfDtrrCdkqIpqlmHeVSwHvlUv5HU9SDKh:VPCoIQvt+JD5OfO0u1vlq1U9S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3204	Unicorn-31123.exe
4812	Unicorn-16531.exe
4752	Unicorn-29721.exe
4904	Unicorn-29331.exe
1076	Unicorn-42521.exe
2908	Unicorn-62387.exe
560	Unicorn-47809.exe
3460	Unicorn-14873.exe
368	Unicorn-2450.exe
820	Unicorn-23312.exe
5084	Unicorn-23312.exe
3180	Unicorn-38122.exe
3140	Unicorn-32256.exe
4552	Unicorn-3446.exe
3528	Unicorn-3439.exe
4876	Unicorn-4704.exe
1188	Unicorn-62256.exe
2068	Unicorn-42163.exe
2404	Unicorn-42163.exe
1036	Unicorn-42163.exe
4044	Unicorn-42163.exe
3372	Unicorn-22873.exe
3592	Unicorn-33808.exe
4380	Unicorn-42474.exe
1748	Unicorn-36609.exe
1080	Unicorn-12095.exe
3276	Unicorn-31961.exe
3540	Unicorn-58707.exe
3820	Unicorn-59018.exe
4996	Unicorn-3865.exe
4256	Unicorn-51041.exe
1924	Unicorn-51041.exe
1912	Unicorn-62355.exe
2904	Unicorn-39609.exe
220	Unicorn-37680.exe
4800	Unicorn-30393.exe
2468	Unicorn-18163.exe
328	Unicorn-51027.exe
3400	Unicorn-35952.exe
2548	Unicorn-54867.exe
4668	Unicorn-48737.exe
1632	Unicorn-20118.exe
764	Unicorn-575.exe
3904	Unicorn-39792.exe
1932	Unicorn-63034.exe
5020	Unicorn-55635.exe
3780	Unicorn-35769.exe
1232	Unicorn-11728.exe
376	Unicorn-20659.exe
3420	Unicorn-53066.exe
2800	Unicorn-42579.exe
3464	Unicorn-27504.exe
1204	Unicorn-60944.exe
2564	Unicorn-21753.exe
2352	Unicorn-35489.exe
1148	Unicorn-41619.exe
3924	Unicorn-54618.exe
4976	Unicorn-42387.exe
5004	Unicorn-18576.exe
4328	Unicorn-12445.exe
4276	Unicorn-9645.exe
1124	Unicorn-49110.exe
3216	Unicorn-29462.exe
2212	Unicorn-16198.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
3520	4904	WerFault.exe	90
3596	4904	WerFault.exe	90
6860	4356	WerFault.exe	171
7708	5980	WerFault.exe	209
10588	7960	WerFault.exe	322
17356	15452	WerFault.exe	756

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32256.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1916	dwm.exe
Token: SeChangeNotifyPrivilege	1916	dwm.exe
Token: 33	1916	dwm.exe
Token: SeIncBasePriorityPrivilege	1916	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe
3204	Unicorn-31123.exe
4812	Unicorn-16531.exe
4752	Unicorn-29721.exe
4904	Unicorn-29331.exe
2908	Unicorn-62387.exe
1076	Unicorn-42521.exe
560	Unicorn-47809.exe
3460	Unicorn-14873.exe
4552	Unicorn-3446.exe
3140	Unicorn-32256.exe
3180	Unicorn-38122.exe
368	Unicorn-2450.exe
5084	Unicorn-23312.exe
820	Unicorn-23312.exe
3528	Unicorn-3439.exe
4876	Unicorn-4704.exe
1188	Unicorn-62256.exe
1036	Unicorn-42163.exe
2068	Unicorn-42163.exe
4044	Unicorn-42163.exe
4380	Unicorn-42474.exe
3592	Unicorn-33808.exe
2404	Unicorn-42163.exe
3372	Unicorn-22873.exe
1748	Unicorn-36609.exe
3276	Unicorn-31961.exe
1080	Unicorn-12095.exe
3540	Unicorn-58707.exe
3820	Unicorn-59018.exe
4996	Unicorn-3865.exe
1924	Unicorn-51041.exe
4256	Unicorn-51041.exe
1912	Unicorn-62355.exe
2904	Unicorn-39609.exe
220	Unicorn-37680.exe
4800	Unicorn-30393.exe
2468	Unicorn-18163.exe
3400	Unicorn-35952.exe
328	Unicorn-51027.exe
2548	Unicorn-54867.exe
3780	Unicorn-35769.exe
376	Unicorn-20659.exe
764	Unicorn-575.exe
5020	Unicorn-55635.exe
1932	Unicorn-63034.exe
4668	Unicorn-48737.exe
1632	Unicorn-20118.exe
3904	Unicorn-39792.exe
1232	Unicorn-11728.exe
3420	Unicorn-53066.exe
2800	Unicorn-42579.exe
3464	Unicorn-27504.exe
1204	Unicorn-60944.exe
1148	Unicorn-41619.exe
2352	Unicorn-35489.exe
2564	Unicorn-21753.exe
3924	Unicorn-54618.exe
4976	Unicorn-42387.exe
4276	Unicorn-9645.exe
5004	Unicorn-18576.exe
4328	Unicorn-12445.exe
1124	Unicorn-49110.exe
2812	Unicorn-47574.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 3204	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	82
PID 2260 wrote to memory of 3204	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	82
PID 2260 wrote to memory of 3204	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	82
PID 3204 wrote to memory of 4812	3204	Unicorn-31123.exe	87
PID 3204 wrote to memory of 4812	3204	Unicorn-31123.exe	87
PID 3204 wrote to memory of 4812	3204	Unicorn-31123.exe	87
PID 2260 wrote to memory of 4752	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	88
PID 2260 wrote to memory of 4752	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	88
PID 2260 wrote to memory of 4752	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	88
PID 4812 wrote to memory of 4904	4812	Unicorn-16531.exe	90
PID 4812 wrote to memory of 4904	4812	Unicorn-16531.exe	90
PID 4812 wrote to memory of 4904	4812	Unicorn-16531.exe	90
PID 4752 wrote to memory of 2908	4752	Unicorn-29721.exe	91
PID 4752 wrote to memory of 2908	4752	Unicorn-29721.exe	91
PID 4752 wrote to memory of 2908	4752	Unicorn-29721.exe	91
PID 3204 wrote to memory of 1076	3204	Unicorn-31123.exe	92
PID 3204 wrote to memory of 1076	3204	Unicorn-31123.exe	92
PID 3204 wrote to memory of 1076	3204	Unicorn-31123.exe	92
PID 2260 wrote to memory of 560	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	93
PID 2260 wrote to memory of 560	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	93
PID 2260 wrote to memory of 560	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	93
PID 4812 wrote to memory of 3460	4812	Unicorn-16531.exe	98
PID 4812 wrote to memory of 3460	4812	Unicorn-16531.exe	98
PID 4812 wrote to memory of 3460	4812	Unicorn-16531.exe	98
PID 2908 wrote to memory of 368	2908	Unicorn-62387.exe	99
PID 2908 wrote to memory of 368	2908	Unicorn-62387.exe	99
PID 2908 wrote to memory of 368	2908	Unicorn-62387.exe	99
PID 4752 wrote to memory of 4552	4752	Unicorn-29721.exe	102
PID 4752 wrote to memory of 4552	4752	Unicorn-29721.exe	102
PID 4752 wrote to memory of 4552	4752	Unicorn-29721.exe	102
PID 1076 wrote to memory of 820	1076	Unicorn-42521.exe	103
PID 560 wrote to memory of 5084	560	Unicorn-47809.exe	101
PID 1076 wrote to memory of 820	1076	Unicorn-42521.exe	103
PID 1076 wrote to memory of 820	1076	Unicorn-42521.exe	103
PID 560 wrote to memory of 5084	560	Unicorn-47809.exe	101
PID 560 wrote to memory of 5084	560	Unicorn-47809.exe	101
PID 2260 wrote to memory of 3180	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	104
PID 2260 wrote to memory of 3180	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	104
PID 2260 wrote to memory of 3180	2260	a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe	104
PID 3204 wrote to memory of 3140	3204	Unicorn-31123.exe	105
PID 3204 wrote to memory of 3140	3204	Unicorn-31123.exe	105
PID 3204 wrote to memory of 3140	3204	Unicorn-31123.exe	105
PID 3460 wrote to memory of 3528	3460	Unicorn-14873.exe	108
PID 3460 wrote to memory of 3528	3460	Unicorn-14873.exe	108
PID 3460 wrote to memory of 3528	3460	Unicorn-14873.exe	108
PID 4812 wrote to memory of 4876	4812	Unicorn-16531.exe	109
PID 4812 wrote to memory of 4876	4812	Unicorn-16531.exe	109
PID 4812 wrote to memory of 4876	4812	Unicorn-16531.exe	109
PID 3180 wrote to memory of 1188	3180	Unicorn-38122.exe	110
PID 3180 wrote to memory of 1188	3180	Unicorn-38122.exe	110
PID 3180 wrote to memory of 1188	3180	Unicorn-38122.exe	110
PID 4552 wrote to memory of 1036	4552	Unicorn-3446.exe	112
PID 4552 wrote to memory of 1036	4552	Unicorn-3446.exe	112
PID 4552 wrote to memory of 1036	4552	Unicorn-3446.exe	112
PID 368 wrote to memory of 2404	368	Unicorn-2450.exe	113
PID 368 wrote to memory of 2404	368	Unicorn-2450.exe	113
PID 368 wrote to memory of 2404	368	Unicorn-2450.exe	113
PID 3140 wrote to memory of 2068	3140	Unicorn-32256.exe	111
PID 3140 wrote to memory of 2068	3140	Unicorn-32256.exe	111
PID 3140 wrote to memory of 2068	3140	Unicorn-32256.exe	111
PID 5084 wrote to memory of 4044	5084	Unicorn-23312.exe	114
PID 5084 wrote to memory of 4044	5084	Unicorn-23312.exe	114
PID 5084 wrote to memory of 4044	5084	Unicorn-23312.exe	114
PID 1076 wrote to memory of 3372	1076	Unicorn-42521.exe	116

C:\Users\Admin\AppData\Local\Temp\a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe
"C:\Users\Admin\AppData\Local\Temp\a94e942831d48bb0d5901989be58ad4d93dbb5b9941f7b7a14dd2283559d47fdN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 716
        5⤵
        Program crash
        
        PID:3520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 724
        5⤵
        Program crash
        
        PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31961.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
        9⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
        10⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        10⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        10⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24217.exe
        9⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        9⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        9⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        8⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49768.exe
        8⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        8⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31984.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46550.exe
        9⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
        9⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        9⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        8⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        8⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        8⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        7⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34901.exe
        7⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        9⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
        9⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        9⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        9⤵
        
        PID:17888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        8⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        7⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20241.exe
        8⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        7⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        7⤵
        
        PID:17524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        8⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        8⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        8⤵
        
        PID:17668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9629.exe
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        7⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        7⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
        7⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        7⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        6⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        9⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        9⤵
        
        PID:18340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        8⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        8⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        8⤵
        
        PID:18380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        8⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39164.exe
        8⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        7⤵
        
        PID:18064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        8⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        8⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        7⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        7⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64205.exe
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64109.exe
        7⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14224.exe
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        6⤵
        
        PID:17896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
        8⤵
        
        PID:17800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22411.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        7⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        7⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        6⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
        6⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
        6⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
        7⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        6⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        6⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37277.exe
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
        7⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        9⤵
        
        PID:15452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15452 -s 472
        10⤵
        Program crash
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        9⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
        8⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        8⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        8⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        7⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46867.exe
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        8⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        8⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
        7⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        7⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        6⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48366.exe
        7⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
        7⤵
        
        PID:17808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        6⤵
        
        PID:18144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16755.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        8⤵
        
        PID:18036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59071.exe
        7⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        7⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
        6⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61235.exe
        6⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29886.exe
        6⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
        6⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        5⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        6⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        5⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe
        5⤵
        
        PID:17960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        8⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        8⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        7⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
        7⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        7⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53847.exe
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        7⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        7⤵
        
        PID:18016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        6⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        6⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        6⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        7⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        7⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11011.exe
        7⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        6⤵
        
        PID:13444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        6⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        6⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        6⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24971.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        5⤵
        
        PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        7⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        6⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        6⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        6⤵
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        5⤵
        
        PID:17684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
      4⤵
      PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3954.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        6⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        6⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62106.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        5⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        5⤵
        
        PID:18324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
      4⤵
      PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
      4⤵
      PID:17920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
        8⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
        9⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        9⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        8⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        8⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        8⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        7⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        7⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59479.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        7⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63923.exe
        7⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
        7⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        6⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        8⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
        8⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        7⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
        7⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        6⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
        7⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        6⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        6⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
        5⤵
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
        6⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 632
        7⤵
        Program crash
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41744.exe
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
        6⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        5⤵
        
        PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        6⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28592.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        8⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        9⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        9⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        9⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        8⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        8⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        7⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        7⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        7⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        6⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17957.exe
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8409.exe
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
        7⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        7⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20510.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
        6⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        6⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
        5⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        7⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        7⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24128.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17956.exe
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        6⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        6⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        5⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        5⤵
        
        PID:18052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        5⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        5⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        5⤵
        
        PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
      4⤵
      PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        5⤵
        
        PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
      4⤵
      PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
      4⤵
      PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
      4⤵
      PID:10360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        8⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        8⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        7⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        7⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
        6⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
        6⤵
        
        PID:18200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5263.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        7⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
        6⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        6⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
        5⤵
        
        PID:17304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20969.exe
        7⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30973.exe
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        6⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6278.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        5⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        5⤵
        
        PID:17700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
      4⤵
      PID:660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        6⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        6⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        5⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
        5⤵
        
        PID:16028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        5⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        5⤵
        
        PID:18128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
      4⤵
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
      4⤵
      PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
      4⤵
      PID:16144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
      4⤵
      PID:5296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        5⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        7⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        7⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        7⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
        6⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
        6⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        6⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        5⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        5⤵
        
        PID:17708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        6⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        6⤵
        
        PID:18176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51074.exe
        5⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        5⤵
        
        PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51226.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
      4⤵
      PID:9624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
      4⤵
      PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
      4⤵
      PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
      4⤵
      PID:18404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
      4⤵
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        6⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        7⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50015.exe
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        6⤵
        
        PID:18308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
        5⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        5⤵
        
        PID:18088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        5⤵
        
        PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15965.exe
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64549.exe
      4⤵
      PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
      4⤵
      PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44246.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
      4⤵
      PID:8692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
      4⤵
      PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
      4⤵
      PID:6320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
    3⤵
    PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
      4⤵
      PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
      4⤵
      PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
      4⤵
      PID:17716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-613.exe
    3⤵
    PID:9696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
    3⤵
    PID:13244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
    3⤵
    PID:4200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        8⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
        9⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
        9⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        9⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
        9⤵
        
        PID:17936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        8⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
        8⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        8⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        8⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        7⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        7⤵
        
        PID:17868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        6⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
        9⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        9⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43542.exe
        8⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        8⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23545.exe
        8⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
        8⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        8⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        8⤵
        
        PID:17776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        7⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        7⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48691.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        7⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        7⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
        6⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18955.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        6⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        6⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-575.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62483.exe
        6⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35191.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        8⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
        7⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        7⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        7⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        7⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38707.exe
        7⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        6⤵
        
        PID:18264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39140.exe
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        7⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        7⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39348.exe
        5⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        5⤵
        
        PID:17428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        6⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 628
        7⤵
        Program crash
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        6⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        6⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51098.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27443.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        6⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        6⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        6⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        5⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        5⤵
        
        PID:18108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
      4⤵
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56607.exe
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        6⤵
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
        5⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        5⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        5⤵
        
        PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
      4⤵
      PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
      4⤵
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
      4⤵
      PID:16652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
      4⤵
      PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58704.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        8⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
        8⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        7⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        7⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
        7⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        7⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        5⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18608.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63795.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30973.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        7⤵
        
        PID:18416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        6⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
        6⤵
        
        PID:18240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        5⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        6⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
        5⤵
        
        PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
        5⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        7⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
        7⤵
        
        PID:16492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        7⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-152.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25465.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7867.exe
        6⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
        5⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
        5⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        5⤵
        
        PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
        5⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48267.exe
        6⤵
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        5⤵
        
        PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
      4⤵
      PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29264.exe
        5⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        5⤵
        
        PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
      4⤵
      PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
      4⤵
      PID:15512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
      4⤵
      PID:7296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        5⤵
        
        PID:4356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 636
        6⤵
        Program crash
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        5⤵
        
        PID:12776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7026.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        6⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24128.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17956.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        5⤵
        
        PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
      4⤵
      PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
        5⤵
        
        PID:13984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22143.exe
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
      4⤵
      PID:13328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37999.exe
      4⤵
      PID:6736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
      4⤵
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        6⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        5⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        5⤵
        
        PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
      4⤵
      PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25558.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
        5⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
      4⤵
      PID:11384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13623.exe
      4⤵
      PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
      4⤵
      PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        5⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        5⤵
        
        PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
      4⤵
      PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
      4⤵
      PID:17952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
    3⤵
    PID:6520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
    3⤵
    PID:9888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
    3⤵
    PID:13468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
    3⤵
    PID:16664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41477.exe
    3⤵
    PID:17556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        8⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
        7⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        7⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
        7⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29994.exe
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        6⤵
        
        PID:17792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        5⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        7⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        6⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        6⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        6⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
        5⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        5⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50773.exe
        5⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
        5⤵
        
        PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        5⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        7⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        6⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        5⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45209.exe
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        5⤵
        
        PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        6⤵
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        5⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        5⤵
        
        PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20206.exe
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        5⤵
        
        PID:15812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46806.exe
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
      4⤵
      PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
      4⤵
      PID:7196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10802.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
        7⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
        7⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11173.exe
        7⤵
        
        PID:17928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57448.exe
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        6⤵
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
        6⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34237.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        5⤵
        
        PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
      4⤵
      PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        5⤵
        
        PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36360.exe
      4⤵
      PID:11564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
      4⤵
      PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
    3⤵
    - Executes dropped EXE
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        6⤵
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        5⤵
        
        PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        5⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20788.exe
        5⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
        5⤵
        
        PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63375.exe
      4⤵
      PID:18356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33709.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
      4⤵
      PID:12980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
      4⤵
      PID:18136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
    3⤵
    PID:8636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
    3⤵
    PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
    3⤵
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
    3⤵
    PID:17292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38122.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38122.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20788.exe
        8⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        8⤵
        
        PID:17784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
        7⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
        7⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        6⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        6⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-605.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        6⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
        6⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24971.exe
        6⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        5⤵
        
        PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
      4⤵
      Executes dropped EXE
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
        7⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
        7⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        6⤵
        
        PID:13628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        5⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50968.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        5⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        5⤵
        
        PID:18316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
      4⤵
      PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
      4⤵
      PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
      4⤵
      PID:16828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
      4⤵
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
        5⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
        7⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        7⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5302.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
        6⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        6⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
        5⤵
        
        PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1076.exe
        5⤵
        
        PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
      4⤵
      PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
      4⤵
      PID:15432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
      4⤵
      PID:1108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
    3⤵
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        5⤵
        
        PID:17312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
      4⤵
      PID:7604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
    3⤵
    PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
      4⤵
      PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
      4⤵
      PID:14540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
    3⤵
    PID:12764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
    3⤵
    PID:17156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
    3⤵
    PID:17440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        6⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        5⤵
        
        PID:16588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      4⤵
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
        5⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        5⤵
        
        PID:17944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
      4⤵
      PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
      4⤵
      PID:18024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
    3⤵
    PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21462.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3210.exe
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23545.exe
        5⤵
        
        PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
      4⤵
      PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
      4⤵
      PID:6972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36510.exe
    3⤵
    PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
      4⤵
      PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
      4⤵
      PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
      4⤵
      PID:7936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
    3⤵
    PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
      4⤵
      PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
      4⤵
      PID:16588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
    3⤵
    PID:11504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
    3⤵
    PID:15628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18347.exe
    3⤵
    PID:18256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
    3⤵
    PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        5⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
        5⤵
        
        PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
      4⤵
      PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
      4⤵
      PID:3280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
    3⤵
    PID:8152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
    3⤵
    PID:11376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13623.exe
    3⤵
    PID:15196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
    3⤵
    PID:18224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
  2⤵
  PID:5172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
    3⤵
    PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22143.exe
      4⤵
      PID:17656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
    3⤵
    PID:10936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
    3⤵
    PID:14588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
  2⤵
  PID:8624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
  2⤵
  PID:11516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32704.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32704.exe
  2⤵
  PID:16444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 4904 -ip 4904
1⤵
PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4904 -ip 4904
1⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4356 -ip 4356
1⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 5980 -ip 5980
1⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7960 -ip 7960
1⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 15452 -ip 15452
1⤵
PID:16928

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe

Filesize
468KB

MD5
55c9638d8498bfc85c4d53a92cee7a2b

SHA1
f28f19afe7112307958e0a765f5997b13e97e46f

SHA256
5b665512d97388b49b6b9892c2b03b4cbc39860fc084b0b7f39d6a5c951e10c8

SHA512
f65c58aab175572208ff05d1db143664a998894570e162cf5eace16e828b6435fbb0e713107c7780c3cce22eb9bf08557f932ef1c083e5318c73f825c5eb0bc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe

Filesize
468KB

MD5
fe50b3956360c25b7591417bae8c6e36

SHA1
0c5d5d8ed6eefb3066a0c82e8406c9d1387a6513

SHA256
25851fa336d5d452f4673e4ed390e338b19a07b50f6068af3a52df35376b6c2c

SHA512
153184205838376c4a4027bfb82d2dd5778cff25cc0292673c01ab2c28ccf32c4b0071533fea2b8ebd153dbcc2b98471253ba1ac54bab534c5a8ea78be08cc9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe

Filesize
468KB

MD5
8737f2d99d215dc47111380ca3ea5dc8

SHA1
11dd739a5562b647af1d5b7cf60783a89fb1be35

SHA256
6f1748d9b89fa23ee193c45a2bc4fb4bd24b66637144620f8beca69b83118256

SHA512
7c650b1bb46633c281f3ac7be8a0ab4e27eb0da8b72aeb17db0d5f64d03090d4ebf358196e2ee934d2f0763ef08ba117fcc4a51179c5a83b1f831cb48a3a3297

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe

Filesize
468KB

MD5
4ce5b5c573dcf7447101e6eb02e8c734

SHA1
b4c99f43213a39020346c4100f365b29d7170b8a

SHA256
16f6c195b4ea73e8802a2d84b16936ef32f847df6d8f19df4fbc5a3676ab20a0

SHA512
f93a73b6a4596fd3a83ca9f6204883eb9ea9b1e046e24e89563331f2b477397c203c2953bbae4ea46bdd8cd5e3377a301fdae4f5fc2cdb28bca0b4eeb421f1ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe

Filesize
468KB

MD5
a92bc6a700296db8a851f522ee625e65

SHA1
4ecc660a28bb9331cdac9d55784942df9bb19563

SHA256
2993d4989ac0359b0a5f8478fcfb3ff17a263e93dd55699d37f1dfd67cfa8815

SHA512
cefa992fd7901ed9f614e9fb19d4bb403d0d36f25d08efde44f79d842f67c7267658087a993687f3a744ab90d0a4fae8ec0af3f09b68581635a9e75e3bc1a35b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe

Filesize
468KB

MD5
2e9c9619a0ba4fe3b0bb036634e28406

SHA1
7a37756bf6e139be183b336fa797970fb0d3d86c

SHA256
f4c101e368860e5a40a8b33e7ff7a07bbdf02198cea4c960a619e5d09ba299a2

SHA512
5dc4f8772570cb20cf58c5a0e8d2a81d7dbc7a770adc5ec0cedea3586b6ee60ea4d9b5a3aded371f47cf067612ae1abdd546e15c79944f8b9493ab95d2d2c63b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe

Filesize
468KB

MD5
afa9b9c761165d1e60951e9ec0c7843d

SHA1
ce0d39c90229967f9ed45d17d7fe37c0b0d5e5c7

SHA256
20032faf80a60b5950e945b8bcb072a9edd1747ab28c308b63bee1b3925f208a

SHA512
a3680f5721d2a58af7666d40f6b2c05ee23cd866b438eef26b1fa6f368de45799eacff6cac936220741577bc66139508d5d1a5427ff6653ceca2dbcaea9ee02d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe

Filesize
468KB

MD5
4097ad75924bfb4b99ef478fd59e028c

SHA1
9c488bd40a1d4ccd221c28849059994bb43165a5

SHA256
319571ed105ae8a1b07b17682338d1579ff193bb256f91122e8a6f6790164c4f

SHA512
155fa89407e7c5b667c993f3d100ebafb4ade2dd9bbd66c272207e13378b968039575d884156e31b245a3bc158de097656c1c3922a440efed0d03caa45bc40fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe

Filesize
468KB

MD5
a0aca60156c7967203702daa99576573

SHA1
d8d12ae420b385576929235d5ed0c356f5d16db1

SHA256
e72072e61dee207974636a1167b900894190c2d21de2c53f8f17f2f01d7f963f

SHA512
7eb17b18ddfbd487d703cd9d6ec7615e01285b37f1a9595c533189c4b62dbd453d50d58af3c8a23f2d67fcf9937810dba889dba9a891665f4bddee35359d2159

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31961.exe

Filesize
468KB

MD5
f3158c7d655e172c5e1c46f46aa6213a

SHA1
a62643834bb294591889446b967b95a76cbfe392

SHA256
5ced4b8baa52131d0810a29bab5c7eed06acb350d1e2ef744f5f75338fb9aa20

SHA512
16e76690d3beaf91ec5f0967ab79dcdfa47c3c75c9bdddb130a783894d5c258afb93a7287f7f577d963f613fd319a4f3c902a494ec7cb2d2433f317ddf9237b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe

Filesize
468KB

MD5
978ba222182ed7e20874396bba13e507

SHA1
316c8ba27fc0417983479ec5966b3ce60445499f

SHA256
e188a60c680e08c1ed812ffc6152460ccb9f15ae7e43ca6078340f7e3434bddf

SHA512
1058d3d3b07a3827c7bdd925f135ad21dfa3e7d64ddeb66d89430371bb622e461067859ed38a350641cd14a7bb50075e0982d7d6674cfdcc20100b19eaa9db0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe

Filesize
468KB

MD5
bbbc9174f2c5dd4f8a57307a8ed47da4

SHA1
44b67b4a014b4774902f946b6106e013ba71fae8

SHA256
1f6965a9b2698b80dafcbd4c5f6dd8e71190ff918dd37645b6916d8f32d6c6e0

SHA512
afcaeae7945048e6dda456e7130849ede1c7a97da836adc60bdec163344d75b758e9b522c5e885d7566d85666d8e7799ea812178ad61c307b1076084dfec0c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe

Filesize
468KB

MD5
ddb69e716351db72aa912798927be03d

SHA1
de6f8aac6788389172459782294b089116cd1fcb

SHA256
244fa0fd1eea2e27ef4450c976416bc6a8f8c6df4a44ac45f4b3d3a050d0e0f5

SHA512
41499b123b7008a766ff076ebb54057984d5634819a9b0cd8949eff42691c066da94a92c9741b8d5cee300ab6bb8127f82d571625afe0921db2f87ea62b56a6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe

Filesize
468KB

MD5
015255f1ea96fb00ae9a6c889ba8fe46

SHA1
f60f9ca9e000c0e60d6e52a4a0f7381fd1def1b4

SHA256
20b2cdb9d013db8908398bb4ced4ac3ee6a9e1d0217665aad0e8340e867ac334

SHA512
752dc06646052d74344f82417a8c4c23026b18d72705a48010004da36b169638a1afc665ef5aefb4d742f135bc51fd9d31e8483cbd0923557ab28ec0646e9ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe

Filesize
468KB

MD5
b165818f4bafb07d94f88936b7212c61

SHA1
8ac3ab78284a150382dbabcbf592cda85684c031

SHA256
5b6497c182fc4124693dcebf95d45179bb3479ab4b82a2d87aa70f6e5116a149

SHA512
6fc920807b39080c4ea5eb44536edc52989523e9ed72306cda9f7b7c6ee51f2e3ba97cc3192fb9b527a5f013d72e8bd69e65a0b67198b81ae9f377b79ae010d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38122.exe

Filesize
468KB

MD5
66c2818ed9bab0e0352d1b0b5c993c4d

SHA1
34e1ed6fdd0551b8df732c0599c975a8e6d5bd97

SHA256
5fc35238c3bb40ee820f80ffac162428aee8776f519a1f9c6df9f56b30e6531d

SHA512
d1848eb511544caafaf7ec279c71e7f00e18951a920763500bdb4b8734cd739e3ebe6a9fa3cd69249d7b5040495d838f44d85d4d1aa5a6fdfc5808a06faa839a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3865.exe

Filesize
468KB

MD5
6bd563954ffa916778c8cc3feeedb453

SHA1
654632a7955f672c680121833237a632ac564d49

SHA256
536ae8afb42af59e2f68e19b21bd2a2cb00271a00da40f86e9a558e516a0f43d

SHA512
d0091743cb161f80e8ff0062f5b2705e8efaf606f9692bdeb77f35ba74dacd66e8a95b4af2b855c9ca888c97fb128eee4d7e665dbd654e63a50ca7763cf7d0df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39609.exe

Filesize
468KB

MD5
ec861e9c67b5a2d1f406b91eef4590d9

SHA1
0cf008d9edc5f3b6c7f4b529100778b4f7660d4d

SHA256
cef4393afe6e3fb3ef7ecef1489a50be673dc2b054a38a7c1d75b8746ca7950c

SHA512
7bf76709fb70064777f7e22f54148c16af3e8d08d801a6889e9ef913e7ce91315152dc48a11cd7617856376fbd8e5b7f5c4248b21d9a919322c384d54c058072

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe

Filesize
468KB

MD5
b1e47d1f2df1042e87b4e0a99272307e

SHA1
6fcd5a232f5c372bad9cf1bb8e3bb1a4d3bcdb5f

SHA256
f7a0ea1abc2524e83e082d6fe0e4ba423105538e0938b878b81cd074ea68cab1

SHA512
1c8b7c0faf546b43ea14ecfcfc791a39623a3d5ae4ddcc0a51313d02ff0c566fe230762b6330a6a19117e4252c1686878f1e955654aa1a22b5a21969c40cd75c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe

Filesize
468KB

MD5
182f186ca0c8e17d9c31f24498894bc0

SHA1
a8e921dcbf009fb4cb2eb16d814c6ffa46864fb6

SHA256
37b47996cdc52ce5d869c689cd41338aecd2dac22e5a1473356e8ec4c0bd6dd2

SHA512
64f82f6e2bc413dce1e5149db0b78e1b624e72239170c9729d69986a0c6901559625b371c7304aa6a935ed3ee253eb5b931f0a3c873a344e259fada0038b47d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe

Filesize
468KB

MD5
e89d3e5954af67a6fa3a875bdac39f2f

SHA1
d2993cd8787cb4c36039a4672d0ba469527ffa6c

SHA256
3149881fba772276a002ededc3bb15fa59a9427df29191d0556bd74cf6c21935

SHA512
8c295d9128a598269a3ea3fc3cf784d157f998a17839f5c82b5b883f91d5e3b7326659bc8b7f2e8e71dca5c002a2664612e75eee411266bc17adde302cebf57e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe

Filesize
468KB

MD5
2bc025e1937712dc655b30c747d7c525

SHA1
b8c492f961aef54775c1e87ef14b87f58e8e9f0d

SHA256
3f1a20e542a402cdcdf170aa9c48857d751473c30750c54d7b9de951003f1c62

SHA512
d4d9e035e52e69533a9de5f20f30112023456945ac5d65bf87e95d166a3828b527d69dd3f0b7335ff7e8bb97cf729a5e97b8c3447952be410ac9a38b2df4b7b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe

Filesize
468KB

MD5
39df10170dd003e27c68662637f1dc73

SHA1
7260ac7f81520c98326bc7194abf37650c1c7636

SHA256
fb9da24e1daead2431906d02a33775257c6a4f03c8121c47ebbd39188b7c7fed

SHA512
c4d314d3f98add4cc4f015625541ba844dc8ad068d9c47c43d3c3a5a5e9e15a6a84ee66e7071339dd00b783d6f4cfe4830f9349bb1f4af7c7658b176a7325d03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe

Filesize
468KB

MD5
3c0bbd7ae136927de3f7bd9ffe2462c5

SHA1
01b3cb56f9888b714eb78a4f4f0fffca4d4a823c

SHA256
6439f0202ce49e8039d20a85d6e142f2b40689f8e2ad10df6bad0d4e18417910

SHA512
b6c1c17bb2649e71057faaf6fe94949bfa5b12681f906d59fc9b8cd0829bc7bfd34f8b509764203aa745f22ffe283fca1f0c615795993464f94d18c0736560a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe

Filesize
468KB

MD5
285b99e5da11fa530d3e6343bb403210

SHA1
97d3ba32b886314d7a554592643e44969db20bab

SHA256
be4714087c33735d128051d13efd316dd5b4436bf3f41d9e8b89cc07f4cb94a0

SHA512
ec99bca20b8d1cb79ce1ff6b39cd84c075cee8b867d56634d8f0a9742c515ab13d803dd805c13d27a8e98c5895ec2e33dfd33aa66709330e04c96d4720c2a00c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe

Filesize
468KB

MD5
5395b74f6c760db5f4ee2cb9438642fd

SHA1
01006823859b9321fb18f0ca464b173ab12c559e

SHA256
7107c41e246e64b77dcb89e829360b6529c3eafe9c5849dbeabcfd1cbf307d15

SHA512
9a39e6cf92e0e803b8f5ef7a379e74b609eeec1c86ddee09d5a02ec7e0f4f53584446049519af4d94ba5f12a1f7e4f1964d976b89fefd48083cf783a190adcee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe

Filesize
468KB

MD5
dac56814b1966a2dd3f64a5dffb9b444

SHA1
411e78238cc8f0ebc66eba36094c05f3bbc8149b

SHA256
79a046f5437fcd1bc1adbac19c3226d0b6c9964288828af92d1531652dd3a167

SHA512
f41b12aee4e5d50e3d61dab389817c4a879eee2920a6184293f3ecb3698d99281f9d019686eefeb67fe90ce8ab44c69bf9d6849db5cf12bfbbfef8428ed201cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe

Filesize
468KB

MD5
5566bdd5db673fccb05faa0a13069443

SHA1
82a6254f98ee0a64693549ad8ec489383f6a1041

SHA256
9f9d0bed21f0b0f2dbae985c0252965aa0f927fa58e6b2a6e27c5f162a08fc44

SHA512
02669140c3394d474cb16474cac41734359e891ced3115aeb2b0f321dcf9fc32a5aa6021d70a7f5de212562881d619d7f1e8507c4867ef1386ad56db4e273cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe

Filesize
468KB

MD5
20a759235e6101ba7cd5940cab7e8df8

SHA1
48e71df79bc8e4fd86a99e09cc8498302f2e3e8e

SHA256
f894bcc5c5cfa4d6b1cea6eb44e98377e702c8ea16c382a3fd091f22cc82bffa

SHA512
46fc53e54b124eca40b25ce7cea93c3ac8b54a92ab07f98487ff5d5062bc9e4b0b4a8b6a7d0c8fe912e018a0da4977bf848a803b37a17ca5884758832ce68f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe

Filesize
468KB

MD5
934171a89f625535c274c9a20d18ba99

SHA1
adc9596b6a11d14b07c37f53ec1a6873e78b3d98

SHA256
0963047fede4123f5c5dcf0d43db8d5214ccbdddeb53aecc54fc3a8a4dc25278

SHA512
11b3f89e5a5ffbcbef0060c08f6382eb6bb52a4da6c48665c3c5cd819733313d0649ada7f14633f9b7d69c3cf4a1d2b70782e6afed4db6f584a9a86a24936d15

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads