edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8

Analysis

max time kernel
114s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe
Size

468KB
MD5

46da8957e418f65c4ff02765f19859b0
SHA1

22dea607b8a1317dc65698dcfac999e196963946
SHA256

edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8
SHA512

6fd6d23b7489aea2e68aa6c7adc6225adfa86c57980b0110490ce4e1ca1bfc8438309907c579ced4121dbd196d91367955d5234f73bfad25a86ce83c5ba0d96d
SSDEEP

3072:4belogxaIU57tbYZPzcfmbfD/n2DnsIH/QmyeQVqNT5Kkki3u3ulj:4b4oCc7tCP4fmbfra19T5D73u3

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4188	Unicorn-43972.exe
2396	Unicorn-13515.exe
4288	Unicorn-34682.exe
784	Unicorn-22940.exe
1408	Unicorn-42570.exe
3188	Unicorn-56306.exe
4252	Unicorn-28162.exe
2112	Unicorn-47260.exe
4804	Unicorn-61795.exe
3612	Unicorn-7955.exe
2516	Unicorn-42858.exe
912	Unicorn-32579.exe
4360	Unicorn-32844.exe
1188	Unicorn-22668.exe
4452	Unicorn-49402.exe
4568	Unicorn-65428.exe
1736	Unicorn-12890.exe
4480	Unicorn-43036.exe
1588	Unicorn-26700.exe
1704	Unicorn-18532.exe
1656	Unicorn-56227.exe
4820	Unicorn-1625.exe
956	Unicorn-2387.exe
4388	Unicorn-4425.exe
3988	Unicorn-10555.exe
3364	Unicorn-2122.exe
5104	Unicorn-56227.exe
4232	Unicorn-44188.exe
968	Unicorn-57867.exe
4272	Unicorn-38266.exe
1924	Unicorn-58132.exe
608	Unicorn-26996.exe
2460	Unicorn-31826.exe
1108	Unicorn-51692.exe
2928	Unicorn-21057.exe
2576	Unicorn-52460.exe
4912	Unicorn-65459.exe
3272	Unicorn-11619.exe
2912	Unicorn-8282.exe
1516	Unicorn-21900.exe
1308	Unicorn-55148.exe
4512	Unicorn-55148.exe
3076	Unicorn-55148.exe
232	Unicorn-18946.exe
5004	Unicorn-38812.exe
3852	Unicorn-61972.exe
4724	Unicorn-45636.exe
3304	Unicorn-28729.exe
2152	Unicorn-31529.exe
4412	Unicorn-64394.exe
3036	Unicorn-62091.exe
4872	Unicorn-9818.exe
1788	Unicorn-5179.exe
4536	Unicorn-37082.exe
5100	Unicorn-62548.exe
1940	Unicorn-46212.exe
1144	Unicorn-40290.exe
4836	Unicorn-32122.exe
3448	Unicorn-29521.exe
1716	Unicorn-26721.exe
3864	Unicorn-10379.exe
1996	Unicorn-7042.exe
4636	Unicorn-51604.exe
5076	Unicorn-35268.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
7944	5392	WerFault.exe	217
10032	6056	WerFault.exe	229
9868	4244	WerFault.exe	237
17388	15976	WerFault.exe	781
2896	8428	WerFault.exe	450
7020	15012	WerFault.exe	726

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38666.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1864	dwm.exe
Token: SeChangeNotifyPrivilege	1864	dwm.exe
Token: 33	1864	dwm.exe
Token: SeIncBasePriorityPrivilege	1864	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe
4188	Unicorn-43972.exe
4288	Unicorn-34682.exe
2396	Unicorn-13515.exe
784	Unicorn-22940.exe
1408	Unicorn-42570.exe
3188	Unicorn-56306.exe
4252	Unicorn-28162.exe
2112	Unicorn-47260.exe
3612	Unicorn-7955.exe
4804	Unicorn-61795.exe
2516	Unicorn-42858.exe
4360	Unicorn-32844.exe
912	Unicorn-32579.exe
1188	Unicorn-22668.exe
4452	Unicorn-49402.exe
4568	Unicorn-65428.exe
1736	Unicorn-12890.exe
1588	Unicorn-26700.exe
4480	Unicorn-43036.exe
4820	Unicorn-1625.exe
3988	Unicorn-10555.exe
4388	Unicorn-4425.exe
1656	Unicorn-56227.exe
1704	Unicorn-18532.exe
956	Unicorn-2387.exe
3364	Unicorn-2122.exe
5104	Unicorn-56227.exe
968	Unicorn-57867.exe
4232	Unicorn-44188.exe
1924	Unicorn-58132.exe
4272	Unicorn-38266.exe
608	Unicorn-26996.exe
1108	Unicorn-51692.exe
2460	Unicorn-31826.exe
2928	Unicorn-21057.exe
2576	Unicorn-52460.exe
4912	Unicorn-65459.exe
3272	Unicorn-11619.exe
2912	Unicorn-8282.exe
1516	Unicorn-21900.exe
1308	Unicorn-55148.exe
4512	Unicorn-55148.exe
5004	Unicorn-38812.exe
3076	Unicorn-55148.exe
232	Unicorn-18946.exe
3852	Unicorn-61972.exe
4724	Unicorn-45636.exe
2152	Unicorn-31529.exe
3304	Unicorn-28729.exe
5100	Unicorn-62548.exe
1144	Unicorn-40290.exe
1940	Unicorn-46212.exe
1788	Unicorn-5179.exe
3036	Unicorn-62091.exe
4536	Unicorn-37082.exe
4872	Unicorn-9818.exe
1716	Unicorn-26721.exe
3448	Unicorn-29521.exe
4412	Unicorn-64394.exe
4836	Unicorn-32122.exe
1996	Unicorn-7042.exe
3864	Unicorn-10379.exe
2080	Unicorn-51796.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4188	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	86
PID 4900 wrote to memory of 4188	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	86
PID 4900 wrote to memory of 4188	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	86
PID 4188 wrote to memory of 2396	4188	Unicorn-43972.exe	87
PID 4188 wrote to memory of 2396	4188	Unicorn-43972.exe	87
PID 4188 wrote to memory of 2396	4188	Unicorn-43972.exe	87
PID 4900 wrote to memory of 4288	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	88
PID 4900 wrote to memory of 4288	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	88
PID 4900 wrote to memory of 4288	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	88
PID 4288 wrote to memory of 784	4288	Unicorn-34682.exe	89
PID 4288 wrote to memory of 784	4288	Unicorn-34682.exe	89
PID 4288 wrote to memory of 784	4288	Unicorn-34682.exe	89
PID 4188 wrote to memory of 1408	4188	Unicorn-43972.exe	90
PID 4188 wrote to memory of 1408	4188	Unicorn-43972.exe	90
PID 4188 wrote to memory of 1408	4188	Unicorn-43972.exe	90
PID 4900 wrote to memory of 3188	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	91
PID 4900 wrote to memory of 3188	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	91
PID 4900 wrote to memory of 3188	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	91
PID 2396 wrote to memory of 4252	2396	Unicorn-13515.exe	92
PID 2396 wrote to memory of 4252	2396	Unicorn-13515.exe	92
PID 2396 wrote to memory of 4252	2396	Unicorn-13515.exe	92
PID 784 wrote to memory of 2112	784	Unicorn-22940.exe	93
PID 784 wrote to memory of 2112	784	Unicorn-22940.exe	93
PID 784 wrote to memory of 2112	784	Unicorn-22940.exe	93
PID 4288 wrote to memory of 4804	4288	Unicorn-34682.exe	94
PID 4288 wrote to memory of 4804	4288	Unicorn-34682.exe	94
PID 4288 wrote to memory of 4804	4288	Unicorn-34682.exe	94
PID 1408 wrote to memory of 3612	1408	Unicorn-42570.exe	95
PID 1408 wrote to memory of 3612	1408	Unicorn-42570.exe	95
PID 1408 wrote to memory of 3612	1408	Unicorn-42570.exe	95
PID 4188 wrote to memory of 2516	4188	Unicorn-43972.exe	96
PID 4188 wrote to memory of 2516	4188	Unicorn-43972.exe	96
PID 4188 wrote to memory of 2516	4188	Unicorn-43972.exe	96
PID 4900 wrote to memory of 912	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	97
PID 4900 wrote to memory of 912	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	97
PID 4900 wrote to memory of 912	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	97
PID 3188 wrote to memory of 4360	3188	Unicorn-56306.exe	98
PID 3188 wrote to memory of 4360	3188	Unicorn-56306.exe	98
PID 3188 wrote to memory of 4360	3188	Unicorn-56306.exe	98
PID 4252 wrote to memory of 1188	4252	Unicorn-28162.exe	99
PID 4252 wrote to memory of 1188	4252	Unicorn-28162.exe	99
PID 4252 wrote to memory of 1188	4252	Unicorn-28162.exe	99
PID 2396 wrote to memory of 4452	2396	Unicorn-13515.exe	100
PID 2396 wrote to memory of 4452	2396	Unicorn-13515.exe	100
PID 2396 wrote to memory of 4452	2396	Unicorn-13515.exe	100
PID 2112 wrote to memory of 4568	2112	Unicorn-47260.exe	101
PID 2112 wrote to memory of 4568	2112	Unicorn-47260.exe	101
PID 2112 wrote to memory of 4568	2112	Unicorn-47260.exe	101
PID 784 wrote to memory of 1736	784	Unicorn-22940.exe	102
PID 784 wrote to memory of 1736	784	Unicorn-22940.exe	102
PID 784 wrote to memory of 1736	784	Unicorn-22940.exe	102
PID 3612 wrote to memory of 4480	3612	Unicorn-7955.exe	103
PID 3612 wrote to memory of 4480	3612	Unicorn-7955.exe	103
PID 3612 wrote to memory of 4480	3612	Unicorn-7955.exe	103
PID 4804 wrote to memory of 1588	4804	Unicorn-61795.exe	104
PID 4804 wrote to memory of 1588	4804	Unicorn-61795.exe	104
PID 4804 wrote to memory of 1588	4804	Unicorn-61795.exe	104
PID 2516 wrote to memory of 1704	2516	Unicorn-42858.exe	105
PID 2516 wrote to memory of 1704	2516	Unicorn-42858.exe	105
PID 2516 wrote to memory of 1704	2516	Unicorn-42858.exe	105
PID 4900 wrote to memory of 4820	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	108
PID 4900 wrote to memory of 4820	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	108
PID 4900 wrote to memory of 4820	4900	edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe	108
PID 3188 wrote to memory of 1656	3188	Unicorn-56306.exe	106

C:\Users\Admin\AppData\Local\Temp\edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe
"C:\Users\Admin\AppData\Local\Temp\edfcde1696797d3137d30a70f15fb7e6e57ce7ba8544c1b8656f749e94a660d8N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5179.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6539.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7731.exe
        10⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
        10⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        9⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        9⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        9⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        8⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
        7⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 492
        8⤵
        Program crash
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        7⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13721.exe
        7⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        8⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe
        8⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        8⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24867.exe
        7⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        7⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
        7⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        8⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
        9⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        9⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        8⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        8⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
        8⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59994.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23852.exe
        7⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        8⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        8⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        7⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15012 -s 464
        8⤵
        Program crash
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        7⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        6⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        8⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        7⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52267.exe
        6⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41059.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        6⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6022.exe
        7⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        6⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
        5⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59612.exe
        5⤵
        
        PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49402.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        8⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        9⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        8⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7097.exe
        8⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38027.exe
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        7⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        8⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        7⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        6⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        8⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        7⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        5⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        6⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        7⤵
        
        PID:16468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        6⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
        5⤵
        
        PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
        6⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        8⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        8⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4866.exe
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
        6⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        7⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        7⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        6⤵
        
        PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        7⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        6⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
        5⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        6⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
        5⤵
        
        PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
        7⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        6⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61099.exe
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20929.exe
        5⤵
        
        PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
      4⤵
      PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        5⤵
        
        PID:15960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34681.exe
      4⤵
      PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        5⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        5⤵
        
        PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
      4⤵
      PID:16492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        9⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        8⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1250.exe
        8⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
        7⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        6⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        9⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        8⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        8⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        7⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        7⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58380.exe
        7⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51222.exe
        7⤵
        
        PID:17308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        6⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        9⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        8⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        8⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
        8⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        7⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe
        7⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        7⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        6⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        5⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        7⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        6⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        6⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        5⤵
        
        PID:13872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61972.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17500.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7098.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        8⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        8⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        7⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        7⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        6⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
        5⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        7⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        6⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe
        6⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        5⤵
        
        PID:17076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64394.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64131.exe
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22386.exe
        6⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26769.exe
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        5⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        5⤵
        
        PID:14556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
      4⤵
      PID:16688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        8⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50538.exe
        8⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        7⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        7⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 636
        8⤵
        Program crash
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63419.exe
        7⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        5⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        7⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        6⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        6⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
        5⤵
        
        PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        6⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
      4⤵
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        5⤵
        
        PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
      4⤵
      PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        5⤵
        
        PID:13548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
      4⤵
      PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
      4⤵
      PID:15212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        7⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        7⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        6⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        6⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5354.exe
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
        5⤵
        
        PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe
        6⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        5⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        5⤵
        
        PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37539.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
      4⤵
      PID:5720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6539.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        6⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30522.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        5⤵
        
        PID:132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        5⤵
        
        PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
      4⤵
      PID:17060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54116.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
        5⤵
        
        PID:11952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
      4⤵
      PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
      4⤵
      PID:13156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
    3⤵
    PID:8104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
    3⤵
    PID:10824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
    3⤵
    PID:14492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        9⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        9⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        9⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        8⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        8⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        8⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
        8⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        8⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
        8⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        7⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45092.exe
        8⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        9⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
        8⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        8⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
        8⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
        7⤵
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        7⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe
        7⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8322.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37991.exe
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17604.exe
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        9⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        9⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        8⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        8⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12841.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        7⤵
        
        PID:17092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        7⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
        8⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        7⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        6⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34308.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        8⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        8⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        7⤵
        
        PID:15848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
        7⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
        6⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62687.exe
        5⤵
        
        PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        6⤵
        Executes dropped EXE
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40748.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        9⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11617.exe
        8⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
        8⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        8⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
        7⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        7⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
        7⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        8⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        6⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        5⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40748.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        8⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
        8⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        6⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        6⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
        5⤵
        
        PID:13444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21057.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
        5⤵
        Executes dropped EXE
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
        8⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        8⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        7⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        7⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        6⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        7⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        6⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        6⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
        5⤵
        
        PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
        7⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        6⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        5⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
        6⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        5⤵
        
        PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
      4⤵
      PID:6056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 632
        5⤵
        Program crash
        
        PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
      4⤵
      PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
      4⤵
      PID:15380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
        6⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        9⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        9⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
        8⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        8⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16866.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        8⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        7⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
        6⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 636
        7⤵
        Program crash
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
        6⤵
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
        5⤵
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
        8⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
        8⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        7⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        7⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        7⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        6⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63076.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
        6⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63939.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39386.exe
        7⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        6⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
        7⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        6⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62490.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5515.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
        6⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        5⤵
        
        PID:11532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
      4⤵
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29284.exe
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        6⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8617.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        5⤵
        
        PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
        5⤵
        
        PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
      4⤵
      PID:11688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
      4⤵
      PID:15688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13363.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        7⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        6⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        6⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        5⤵
        
        PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
      4⤵
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37258.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        5⤵
        
        PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        5⤵
        
        PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
      4⤵
      PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
      4⤵
      PID:13956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62091.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
      4⤵
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        6⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39266.exe
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
        5⤵
        
        PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        5⤵
        
        PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
      4⤵
      PID:13328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
    3⤵
    PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10779.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        5⤵
        
        PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
      4⤵
      PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
      4⤵
      PID:11232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
      4⤵
      PID:17052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
    3⤵
    PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
      4⤵
      PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
      4⤵
      PID:15336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
    3⤵
    PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
    3⤵
    PID:13976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        6⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        8⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        8⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        7⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        7⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        6⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        5⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
        7⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13314.exe
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        6⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
        6⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        5⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
        5⤵
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        7⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        6⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        5⤵
        
        PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
        6⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        5⤵
        
        PID:15064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
      4⤵
      PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        5⤵
        
        PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
      4⤵
      PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
      4⤵
      PID:14472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        5⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        7⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        6⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
        6⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        5⤵
        
        PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        6⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
        5⤵
        
        PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
      4⤵
      PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        5⤵
        
        PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
        5⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        6⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
        5⤵
        
        PID:13916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
      4⤵
      PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        5⤵
        
        PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63874.exe
      4⤵
      PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
      4⤵
      PID:15048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
    3⤵
    PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
      4⤵
      PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22194.exe
      4⤵
      PID:13760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40970.exe
    3⤵
    PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
      4⤵
      PID:14812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
    3⤵
    PID:12256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
    3⤵
    PID:15508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32579.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32579.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
        5⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        7⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        6⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24674.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        6⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
        5⤵
        
        PID:14440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40778.exe
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        6⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57067.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        5⤵
        
        PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52402.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
      4⤵
      PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
      4⤵
      PID:13148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
      4⤵
      PID:16744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40748.exe
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
        5⤵
        
        PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
      4⤵
      PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
        5⤵
        
        PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
      4⤵
      PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
      4⤵
      PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe
      4⤵
      PID:15884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
    3⤵
    PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
      4⤵
      PID:14904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
    3⤵
    PID:12276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4485.exe
    3⤵
    PID:16496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
    3⤵
    PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5875.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        6⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
        5⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28721.exe
        5⤵
        
        PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
      4⤵
      PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
        5⤵
        
        PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
      4⤵
      PID:16016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
    3⤵
    PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
      4⤵
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        5⤵
        
        PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
      4⤵
      PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
      4⤵
      PID:15976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15976 -s 468
        5⤵
        Program crash
        
        PID:17388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
    3⤵
    PID:8656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
    3⤵
    PID:11180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
    3⤵
    PID:17160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
    3⤵
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        5⤵
        
        PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        5⤵
        
        PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
      4⤵
      PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
      4⤵
      PID:16956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
    3⤵
    PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
      4⤵
      PID:17384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
    3⤵
    PID:9592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
    3⤵
    PID:13276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
  2⤵
  PID:5500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
    3⤵
    PID:7704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
    3⤵
    PID:11748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
    3⤵
    PID:15448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
  2⤵
  PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
    3⤵
    PID:12536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
    3⤵
    PID:17024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
  2⤵
  PID:11140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
  2⤵
  PID:14524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5392 -ip 5392
1⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6056 -ip 6056
1⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4244 -ip 4244
1⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 14748 -ip 14748
1⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 8428 -ip 8428
1⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 15012 -ip 15012
1⤵
PID:17304

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe

Filesize
468KB

MD5
bead6ac86b64d0ef0b7b386eee13ecfb

SHA1
e4afe5154fd741204e596d002dd79b53fe8ecce4

SHA256
f98537f3ee4e3ac136841b40604471dbb2868e8e214e44d6943e4ac40138d01f

SHA512
a9512283578b2e98ec4b237774fa5c736a089c3ba45d63a11e9d16b3b6977312a344878fda811e6003d170bcca7ea4c6463cc89c50dd059670beafd039ea9992

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe

Filesize
468KB

MD5
0c0becc26894178e8ed2955c49fba65a

SHA1
beaf4c0f6c359decadca69a7a41ea239e32a3537

SHA256
f5a68f76fb69d7b2c55ce47abc38ef4f9ab1a110c69e901ada71ae2129953328

SHA512
2f165b22cd4739a7aacb689ad206fc1e60b205bebba87800bcdb57d77eeb7ba125e3cc3367714b7b2671ea8c22a33fd41d2f9ed219410f76bd277efe42c7e6b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe

Filesize
468KB

MD5
c0e32e29f94fd8649a41e73843e8c55e

SHA1
12081bf082ba9488b561bf0bb46079136fd1927c

SHA256
7e68f631cf7108efdd5525969dca289b6943c4a6b5ac9bacbafc368519170732

SHA512
85d46cc1806d00736e8f87091687e6bf43891f2550ef5dd8b08dedacfae1f416fd8973655e7df8703ea6e079ff561ccef3808dbac8c120fb0aa0a7daa588d630

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe

Filesize
468KB

MD5
84db5db10bfb760930e17fb66b744390

SHA1
50eed2a3b29e13b31aef21c9025d48e8e66eb7e1

SHA256
3d86ec8df9b4714a92fa4e79abf1d9c289182be55e1c9e512af120b11f60e08f

SHA512
23e669c31180c6e0dcc862d84f8a7fc325b4962ceb9ea277675cd96dd2b1a931715f1d6a7f69209907311604a24aa2c35a3c39d88031abb80010466bb8575ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe

Filesize
468KB

MD5
c0d07796219e204ba07ea2be52ae8b2b

SHA1
6472eb26a1ea033b8367b0a1c84749d0ec3592d7

SHA256
6d9a7afc943e0befcc7d916d9373400b08924e76bb93d94ebc8d6a78513ca195

SHA512
15cde40781a3382c486e94924b1ffcf77b1d6c36370a426efc2448fb8b3c25fafe170bb4c13965f84a2f74aee4507fbef5e04d805a6085d9c454ebb7c4f873e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe

Filesize
468KB

MD5
5b15dde9a4b78543dccd4a6f1e6bf305

SHA1
4a958ed8d35d5c83ed29a61ce8cd454dce00f5a5

SHA256
ba3e2191a1ba4ef79118bd16c375bffa96f40ad28918f018fc99b9c6cdd0bd89

SHA512
d98f77bbfda0980c4d536fe4bb477b850e79614176db4b52d59117b8946b0bc9a254e960e9df68490c49dd0a22ad29624a98f52f119775ade6718b705167c072

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe

Filesize
468KB

MD5
832b469b2c7b7a830a83c1dfa7c6fc06

SHA1
110973aeee250e00240e0a4c4a24d410a02ab9f6

SHA256
068236afe013f36f824acd8bdc2ace99ecc2669659457ca67a512ced413ddab2

SHA512
db642aa205390345fd2e043f5c8241fea0a7a4ae3bcf6be31d7240c7d91ebd6c3c3f734c8f8d852f079b4c049d2640bf4bc377ffa7226551829b01ecc609d0a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe

Filesize
468KB

MD5
4bc5a6d86fc2611a3a57578a027192e8

SHA1
86babe65c057276c6fc9420356ef86194eb8c6e1

SHA256
467de33d36285ce828cd361018e505fe949b5920797a8571cc3ba5ded4f31791

SHA512
1f8cc4cb29cf619a57e6953869c5281c99b8c1328c146f1c2abcb7398dd2f844b1ecd6a3ee0a424fd50793f40e9ae44e2f0812b75281b414a7d885bed5c923cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe

Filesize
468KB

MD5
d8f5211f409c413dd1d26c45fd9d4916

SHA1
f3e66210efe936c0f74ff1d260560861044236a3

SHA256
40e1b76256660e97cd926ca23627ccf9e540124ac515258f37d50d1779af6e4d

SHA512
fde8550c66f20638710dc2e42e0f6e25c8e469c6e0b464dedfcaae06c6a867054856cd97c8fc2ca02ba7c2cc2808802b2cc16e26aba696ad580c8d20070c7fe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe

Filesize
468KB

MD5
f37cd8fb475c80f0fdd9b0e6f81b0696

SHA1
a15f17ea01da7e7b280795f4714e905dee04259e

SHA256
693c908352272f8a82405945b0198137e4e2476c83745f7b3bff3ac226eeb51a

SHA512
49207c6468cd63306d6c555da231b191ab9886c77bee1029e6efbd998601699d12e6dabc71539cf4368a292b90cf850573290722c732664540a0336a472ba23f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe

Filesize
468KB

MD5
33f85c7c662a3b2e345d1fa9ee56c265

SHA1
26cc57ae8d038e172d55172b3e00d7e72fec4745

SHA256
29831e0f8fd480606770fbb6adab8362fd88283b3033aabc4b13f41bc35aaa73

SHA512
21454a0bf036cf0e1cb4bcd7cedafa0d511770874558575538ad2c9ee33fa5c9692ab162ad362c71592c5e40042475688403857e78476da1f99ef05356a14003

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe

Filesize
468KB

MD5
0a1803cdc6ef75476f4c4fa62e756ede

SHA1
75af4e1841a159a3938cfad3b04f0dfedecf46ec

SHA256
969af5f6d1aa250398d31fa0271b07de0eca725ed91f427cb666600e399664fd

SHA512
8a6b6b809abc60f4176c1ae575e9f35b0c5d8b69f1cf49f8dbedf3a6c7a19ab0cd240b4159a8d8087eece3cc83edeb3e610437709bd37c14f22e1bb188532dd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32579.exe

Filesize
468KB

MD5
236a1b71fe4f6526a937f056ee0fc847

SHA1
c3ff488c5b6293768aea75265d4926158956940b

SHA256
990f982b6356c1bb5366a99bb0eaf5db8ed79e8e835daad22805acef2c767cb6

SHA512
9cb8c3a8f30efb41d920a3ee0b169e9e39f32b4e10418ebd81853e12cd5c30cdd0be2c913e6ce9cb6ad3b28d4b7dc00b02be9cbb9053e06d3478c485464cc6d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe

Filesize
468KB

MD5
c2d8b672bde534a2845727f90668c9ff

SHA1
11d8d932df3c85f439e5b6f98b99c8f9be28641c

SHA256
bb328589d039128a0434d2495cc193e39e8624330ba33bf23f008f7afd1a0416

SHA512
8f789b0b1c20145cf4f9c887fd932ea870c0224148c29e66a18be6582dddbf0a834fe11084d6718649fb6b99cef9407db1e9e83acc03ea41c353af0a76ea086d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe

Filesize
468KB

MD5
2602ab42c039267cf3ac25ddad18f858

SHA1
512a9ab570f7f72d36db48d8541aa1dd476174a7

SHA256
8a99023ce1ac498d6922961f69e0ca597be949f73925703991c95d90e810dfd4

SHA512
64f100b93dfb49a25b9e2acfaecbb96da9047e34f979f0958bc70c915efa04924aac772c1bcae7ea4a044646b990ee19c3dd1302bac4363f63fd422ae6e22c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe

Filesize
468KB

MD5
c1eef1025b27f4f8058a23faea1cfdba

SHA1
9f223d338cd7606e5c11adf485ed4947bcdb0d1f

SHA256
15d669b7766939cb30403c392bf3a37a86c24b0c57a92dc2083ebcc7cc5d8581

SHA512
428a1b7a1423fe490b18836ce73041ec5d33a6ac430b7528196f51ad4a7d82291402602c4ad44730d464ffb94815f5e2ebfd56d94afafe1c21e14b22ca1a7294

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe

Filesize
468KB

MD5
19b7f8addf62abaf6d26aec0e4d93662

SHA1
3d343fbea208a5d6e67cb1b69515f04f98af89cb

SHA256
f5dd64b781b80d99633e69f61bb132dad002129dde3e9c319a4b27d42662797f

SHA512
dc8c745dea871d67b7755ab0d96f38210f91e6877a39b22c8650d860141691e69f5ed5abf05d85eb2092201e2db830263fa4ea27436db7994bb9c327b652296f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe

Filesize
468KB

MD5
f8163252a0a294ec9db885e7f27773fb

SHA1
05e7676a65ba8d987a0c5c7000031bcd3add6048

SHA256
1c9ed3ed0498fc87ca9136e636bcc3a5fb8ac213bdbeca0e3457aa1ab68ffcde

SHA512
4ba117b10e8e50e2e742627bc4008309222a51a06e33d0d285409df94c9f3bfdab753afb3d400fea4760fe7ec2bb8b0981bb83be344426b335a8f737ac54426c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe

Filesize
468KB

MD5
62d911f7c032a2594d7407987b76abb8

SHA1
05b01f1cdf8d5f18bded32d77d8bc3fac36fcb6d

SHA256
67b719611b60030ec42f86749ed37b04c130715fefe006c3e78b485c88e8d7d8

SHA512
8f457695678af0a64a531510ea385f6ded6aec4a66f1d977961556f6bed0dbcc3410397567136b4aeb77c4fbfd2d554a92a0a5ea7bff58ecb14aead88c122194

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe

Filesize
468KB

MD5
682a97f8db8ea37e2d6d747622ae6a69

SHA1
48feb7f605894452e54effe98d5e63ced51dc46c

SHA256
5df1d0c7723d33f196adff8a040629de888331e0ba67a8fee76545a15a6938ab

SHA512
fbb90469d5d77ddf7abe9e6b3096faa4ad2c2ce5770c7459a4db0b64d61b1501638ea4b7ce9a532610b376ec6d8bf91aba2b6bc92b44b73af032ff199685c32a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe

Filesize
468KB

MD5
a4ea64889653948c8e4d82f3e034f1d0

SHA1
dc6d108dcfe11b5fa465864be0854c4b3fb70ac3

SHA256
a77377be557591b0812eef083042fb8046d9c6d9153944b884d96a18648196b4

SHA512
43660bf1b6e30f3c2376dc6f1f51fcf6353ccaf4d31ca87555ae0653342fec68b09fd5d615f7989eae354c60bbbd3dde647876d216c4d1292a86c85e04e4c8b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe

Filesize
468KB

MD5
74884b5bc76eadc8cecf003484653540

SHA1
fe3aae8de832f006ab27202732c68c4d673f7e40

SHA256
c61ced500a2996ecee512633e92e1cf9f9f7911526b95a82f370129e55c4f949

SHA512
e4f3d64cffb92e2fca0900b7665dea05add59214ea9958e17216864196908931692a748b06dff3eb6698ec54369fa6de13a54ec26cd98d55ba61ed07ce6a8f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe

Filesize
468KB

MD5
50856e84b0dfd2b26e9bcee49357df34

SHA1
a071e14af3debe2d0e05d7451b34a66727586b9e

SHA256
cf71d6c21d64d084c0e84dc8b2c7ce751de77b0ecfb13f8c67460eecbf2fc0a5

SHA512
d983a8e236ef5112fbb0671b99bfec1d10e3271d0c61c72df4b32b480c1ec536b367cc31c254f57e00bcc7c6e7e10341eb02488ead7dbf6ce409c51eca8202d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49402.exe

Filesize
468KB

MD5
5000a3f966a79c925a3a40938c306873

SHA1
67d44728ef573cf6782b3023914424c217bf33b5

SHA256
0cf671d8d78db243761ec0e23dac8963dfda2d3f82b5614302127671aeca57e4

SHA512
861e135539af9c7b0a187ea8233ca93ab28ea8fa863a2b5bb06fa103e872644022ad6a52a33341e6923782496aaa95910bb0265658f72a24df366d829a725bc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe

Filesize
468KB

MD5
900da67c7667687a8f5bd00a838b0a08

SHA1
6d9c03792923d6a013bf38d05cb8a741741c29c2

SHA256
4f8d41a9297d35f8e351c990bea71393e41f20e4c8a5044b9f98991a9015c46d

SHA512
b9a18bc4685d5259dd6349566fa5e8a015ca730ff3deb744d2079399a9e85e80de04a65a650aa945774912fd6f884c847ec641885797eb5497ecf8d38be35bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe

Filesize
468KB

MD5
1aaad822522b04aad589f8b3ca59d606

SHA1
cef7a03e62504611f76c61eb1f08ef0cf934ccbf

SHA256
24815cfdce0b2f3d20ea526ec0f42393af9535af172705dd34c364ce99e59e95

SHA512
53e0a7b0f4278778fc33ef3de639de53bc97d67e98b2e84aeaad09fdd79dd61ef887e5b64e544a2a73140555b6dc4c3e9be05841bf6c33df733d97b8de779355

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe

Filesize
468KB

MD5
6618acc28a128e530c55eb1cd9b8df1d

SHA1
c083f88a887f56ba1e093450cf849c01aae6c160

SHA256
5f1d50684ea256ffd31de861fed7d005cf41fb6f5dc34ca2a14ebf6c96500e17

SHA512
efddbd2c6898a6eb295c97bcf675208e1c38d6a74d7087fd3060a639e68f26fdc68c14a350dcd76e5002c98473358e85cda5a9d740c948e4c5fe03e206ebd7e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe

Filesize
468KB

MD5
0578523a5ad927cab2d27aa2593c9489

SHA1
3b2c4d97e30f1d2eeaca8c471c3a5b6929a1f188

SHA256
16711de359b1c04f049cfcc09871cc81c5f0cb288e0c759ab835da413d1f85ef

SHA512
d73b5d0230c68a4212557f1c45e20bcfdce200ef637a758291a7b1e09380d9118038ebb5ab09ad76c0e06d8a030609402e8c11075ba3504d9236d5900daed6f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe

Filesize
468KB

MD5
f88c2349fd848de5a8cbecd238c36475

SHA1
875f5fe609fcf71d7bf5e110c028fad4fa718f19

SHA256
115a5133b592d7273ab55894954d22e603c6e8c37c0d3c2de88293fad377c2be

SHA512
16559c00d06d81cfaf75b5417824587a84ec605dc10f6f71bfed60703fa6e61213ea3c2a6ca29447af5ae6fc36ffa3ac21d35a0c1b19cda9afc00edebe1b22a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe

Filesize
468KB

MD5
a8f8ae040f0ac3b8b05954a8b371c3e2

SHA1
964a1907509b7b91b654806d0f37b19b67022f54

SHA256
b12060be01ee626ff5a750932aec74faad1f9c69a64b7294526dd186c5a088d1

SHA512
053fad35a1a39fc5792b6fc99bd9d2273fca449d671a7d5935f8bcbb39503ff1085e66a21860f53db4c8233085a94b25654d96884178e30e832d51307b7a2d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe

Filesize
468KB

MD5
bbf3ff01c0d5dc6c4e2eddc7cb2a8e24

SHA1
1e95fd9465987ac487e3cfb8515ba7aa4f53c0ee

SHA256
a5cc406dcceddf6dfccd6e108efc02a1235794379d04538f9e3d9f5d0705c2b1

SHA512
293d38215c2e1da79fa743b675741dee6bd4df2876fe2e186191ef26f440002c792032c7252fb0a59124daf37e234129c9754594f9e45ae850c3df5f26b78769

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads