5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6

Analysis

max time kernel
118s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe
Size

468KB
MD5

5df9002a5f88bf92b64c3fed7805e090
SHA1

11ee9ce754bac8802d8a05d7f690ebb0f76d127e
SHA256

5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6
SHA512

dc5c9d6f6ddafdb08851287b9e1ca5409eade94abecca52198f80c2f278d5828f4163053a3949ad554e926da26069bdd3527ca766469c77234f58dc5383e27c4
SSDEEP

3072:KbIKog/nI95UtFYhPAtjcf8/qCMSCzgpacDHeGVf99Lu8m56uOwlG:KbloJ7UtAPsjcf9cEs9Lny6uO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1620	Unicorn-10297.exe
2404	Unicorn-41154.exe
2380	Unicorn-17204.exe
1732	Unicorn-39182.exe
4888	Unicorn-39182.exe
1976	Unicorn-11148.exe
1524	Unicorn-24883.exe
4672	Unicorn-5881.exe
4780	Unicorn-30386.exe
2664	Unicorn-10520.exe
2480	Unicorn-22218.exe
2692	Unicorn-2352.exe
712	Unicorn-46457.exe
1828	Unicorn-40592.exe
3524	Unicorn-41568.exe
3860	Unicorn-52690.exe
3536	Unicorn-44522.exe
1748	Unicorn-56012.exe
3172	Unicorn-64942.exe
4412	Unicorn-58865.exe
1500	Unicorn-7063.exe
3236	Unicorn-13193.exe
856	Unicorn-13193.exe
5020	Unicorn-37433.exe
428	Unicorn-17832.exe
2116	Unicorn-37698.exe
4084	Unicorn-37698.exe
5096	Unicorn-19315.exe
4816	Unicorn-5580.exe
3264	Unicorn-28827.exe
2472	Unicorn-34958.exe
4600	Unicorn-52254.exe
2276	Unicorn-27920.exe
4948	Unicorn-47786.exe
912	Unicorn-60593.exe
1660	Unicorn-9876.exe
4292	Unicorn-35342.exe
4300	Unicorn-35342.exe
4728	Unicorn-53716.exe
4452	Unicorn-63930.exe
3596	Unicorn-39980.exe
1396	Unicorn-34639.exe
4732	Unicorn-36686.exe
4744	Unicorn-40008.exe
1596	Unicorn-48938.exe
3068	Unicorn-65274.exe
880	Unicorn-24242.exe
2220	Unicorn-24242.exe
1760	Unicorn-40313.exe
2408	Unicorn-40578.exe
4460	Unicorn-46700.exe
4080	Unicorn-28880.exe
1984	Unicorn-3364.exe
4916	Unicorn-3629.exe
432	Unicorn-3629.exe
3632	Unicorn-27811.exe
1552	Unicorn-27811.exe
1364	Unicorn-49301.exe
3944	Unicorn-48409.exe
2880	Unicorn-28866.exe
2104	Unicorn-4916.exe
1992	Unicorn-16348.exe
2124	Unicorn-13489.exe
4376	Unicorn-55077.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
8028	5680	WerFault.exe	226
11032	10008	WerFault.exe	453
10248	10016	WerFault.exe	452
10864	7272	WerFault.exe	329
15624	17316	WerFault.exe	855
16732	11588	WerFault.exe	695
9296	5224	Process not Found	1080
9544	2564	Process not Found	999
18096	18356	Process not Found	1159

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25256.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17852	Process not Found
Token: SeChangeNotifyPrivilege	17852	Process not Found
Token: 33	17852	Process not Found
Token: SeIncBasePriorityPrivilege	17852	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe
1620	Unicorn-10297.exe
2404	Unicorn-41154.exe
2380	Unicorn-17204.exe
4888	Unicorn-39182.exe
1732	Unicorn-39182.exe
1976	Unicorn-11148.exe
1524	Unicorn-24883.exe
4780	Unicorn-30386.exe
2664	Unicorn-10520.exe
4672	Unicorn-5881.exe
2480	Unicorn-22218.exe
1828	Unicorn-40592.exe
712	Unicorn-46457.exe
2692	Unicorn-2352.exe
3524	Unicorn-41568.exe
3860	Unicorn-52690.exe
1748	Unicorn-56012.exe
3536	Unicorn-44522.exe
3172	Unicorn-64942.exe
5020	Unicorn-37433.exe
856	Unicorn-13193.exe
3236	Unicorn-13193.exe
4412	Unicorn-58865.exe
1500	Unicorn-7063.exe
428	Unicorn-17832.exe
5096	Unicorn-19315.exe
2116	Unicorn-37698.exe
4084	Unicorn-37698.exe
4816	Unicorn-5580.exe
3264	Unicorn-28827.exe
2472	Unicorn-34958.exe
4600	Unicorn-52254.exe
2276	Unicorn-27920.exe
4948	Unicorn-47786.exe
912	Unicorn-60593.exe
1660	Unicorn-9876.exe
4300	Unicorn-35342.exe
4292	Unicorn-35342.exe
4452	Unicorn-63930.exe
4728	Unicorn-53716.exe
3596	Unicorn-39980.exe
4732	Unicorn-36686.exe
1396	Unicorn-34639.exe
4744	Unicorn-40008.exe
880	Unicorn-24242.exe
3068	Unicorn-65274.exe
2220	Unicorn-24242.exe
1596	Unicorn-48938.exe
2408	Unicorn-40578.exe
4916	Unicorn-3629.exe
1760	Unicorn-40313.exe
4460	Unicorn-46700.exe
4080	Unicorn-28880.exe
3632	Unicorn-27811.exe
1364	Unicorn-49301.exe
1552	Unicorn-27811.exe
1984	Unicorn-3364.exe
432	Unicorn-3629.exe
3944	Unicorn-48409.exe
2880	Unicorn-28866.exe
2104	Unicorn-4916.exe
1992	Unicorn-16348.exe
2124	Unicorn-13489.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 1620	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	86
PID 3164 wrote to memory of 1620	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	86
PID 3164 wrote to memory of 1620	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	86
PID 1620 wrote to memory of 2404	1620	Unicorn-10297.exe	87
PID 1620 wrote to memory of 2404	1620	Unicorn-10297.exe	87
PID 1620 wrote to memory of 2404	1620	Unicorn-10297.exe	87
PID 3164 wrote to memory of 2380	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	88
PID 3164 wrote to memory of 2380	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	88
PID 3164 wrote to memory of 2380	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	88
PID 2404 wrote to memory of 4888	2404	Unicorn-41154.exe	90
PID 2404 wrote to memory of 4888	2404	Unicorn-41154.exe	90
PID 2404 wrote to memory of 4888	2404	Unicorn-41154.exe	90
PID 2380 wrote to memory of 1732	2380	Unicorn-17204.exe	89
PID 2380 wrote to memory of 1732	2380	Unicorn-17204.exe	89
PID 2380 wrote to memory of 1732	2380	Unicorn-17204.exe	89
PID 1620 wrote to memory of 1976	1620	Unicorn-10297.exe	92
PID 1620 wrote to memory of 1976	1620	Unicorn-10297.exe	92
PID 1620 wrote to memory of 1976	1620	Unicorn-10297.exe	92
PID 3164 wrote to memory of 1524	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	91
PID 3164 wrote to memory of 1524	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	91
PID 3164 wrote to memory of 1524	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	91
PID 4888 wrote to memory of 4672	4888	Unicorn-39182.exe	93
PID 4888 wrote to memory of 4672	4888	Unicorn-39182.exe	93
PID 4888 wrote to memory of 4672	4888	Unicorn-39182.exe	93
PID 1976 wrote to memory of 4780	1976	Unicorn-11148.exe	94
PID 1976 wrote to memory of 4780	1976	Unicorn-11148.exe	94
PID 1976 wrote to memory of 4780	1976	Unicorn-11148.exe	94
PID 2380 wrote to memory of 2664	2380	Unicorn-17204.exe	95
PID 2380 wrote to memory of 2664	2380	Unicorn-17204.exe	95
PID 2380 wrote to memory of 2664	2380	Unicorn-17204.exe	95
PID 1524 wrote to memory of 2480	1524	Unicorn-24883.exe	96
PID 1524 wrote to memory of 2480	1524	Unicorn-24883.exe	96
PID 1524 wrote to memory of 2480	1524	Unicorn-24883.exe	96
PID 2404 wrote to memory of 2692	2404	Unicorn-41154.exe	97
PID 2404 wrote to memory of 2692	2404	Unicorn-41154.exe	97
PID 2404 wrote to memory of 2692	2404	Unicorn-41154.exe	97
PID 3164 wrote to memory of 712	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	99
PID 3164 wrote to memory of 712	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	99
PID 3164 wrote to memory of 712	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	99
PID 1620 wrote to memory of 1828	1620	Unicorn-10297.exe	98
PID 1620 wrote to memory of 1828	1620	Unicorn-10297.exe	98
PID 1620 wrote to memory of 1828	1620	Unicorn-10297.exe	98
PID 1732 wrote to memory of 3524	1732	Unicorn-39182.exe	100
PID 1732 wrote to memory of 3524	1732	Unicorn-39182.exe	100
PID 1732 wrote to memory of 3524	1732	Unicorn-39182.exe	100
PID 712 wrote to memory of 3860	712	Unicorn-46457.exe	101
PID 712 wrote to memory of 3860	712	Unicorn-46457.exe	101
PID 712 wrote to memory of 3860	712	Unicorn-46457.exe	101
PID 4780 wrote to memory of 3536	4780	Unicorn-30386.exe	102
PID 4780 wrote to memory of 3536	4780	Unicorn-30386.exe	102
PID 4780 wrote to memory of 3536	4780	Unicorn-30386.exe	102
PID 3164 wrote to memory of 1748	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	103
PID 3164 wrote to memory of 1748	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	103
PID 3164 wrote to memory of 1748	3164	5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe	103
PID 2664 wrote to memory of 3172	2664	Unicorn-10520.exe	104
PID 2664 wrote to memory of 3172	2664	Unicorn-10520.exe	104
PID 2664 wrote to memory of 3172	2664	Unicorn-10520.exe	104
PID 2380 wrote to memory of 1500	2380	Unicorn-17204.exe	106
PID 2380 wrote to memory of 1500	2380	Unicorn-17204.exe	106
PID 2380 wrote to memory of 1500	2380	Unicorn-17204.exe	106
PID 1976 wrote to memory of 4412	1976	Unicorn-11148.exe	105
PID 1976 wrote to memory of 4412	1976	Unicorn-11148.exe	105
PID 1976 wrote to memory of 4412	1976	Unicorn-11148.exe	105
PID 4672 wrote to memory of 856	4672	Unicorn-5881.exe	108

C:\Users\Admin\AppData\Local\Temp\5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe
"C:\Users\Admin\AppData\Local\Temp\5b70a365b859125dff59c826d581f5c7987efb1e8173d6207bc8e1a1ca7969b6N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        8⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
        9⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
        10⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        10⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe
        10⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        9⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        9⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        9⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        8⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        9⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        9⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
        8⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        8⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        9⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        10⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33160.exe
        10⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
        9⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        8⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        8⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        8⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42220.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        7⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        7⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        7⤵
        
        PID:17184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
        9⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9495.exe
        9⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52761.exe
        9⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
        8⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe
        8⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44878.exe
        8⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47369.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        8⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        8⤵
        
        PID:14648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        8⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        7⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        6⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65274.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58798.exe
        7⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        9⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        10⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30804.exe
        10⤵
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20099.exe
        8⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        8⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        8⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
        7⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56585.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        7⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        7⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33259.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        7⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        7⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        6⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39494.exe
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26016.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        7⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        7⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        7⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        7⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        6⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        8⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        7⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53328.exe
        6⤵
        
        PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        6⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
        5⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
        5⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        9⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        9⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
        8⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        8⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21880.exe
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        8⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
        7⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        7⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
        7⤵
        
        PID:17552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
        6⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 640
        7⤵
        Program crash
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        7⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        7⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23095.exe
        6⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        8⤵
        
        PID:17612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        7⤵
        
        PID:17028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25091.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        7⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
        7⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        7⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        6⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        6⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe
        5⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
        6⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        6⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33067.exe
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        5⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19315.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1572.exe
        8⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        8⤵
        
        PID:17512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        7⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18572.exe
        7⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        6⤵
        
        PID:312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23364.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        6⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        5⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        6⤵
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        5⤵
        
        PID:17492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        5⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        6⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2545.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        8⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        7⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        6⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        5⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        5⤵
        
        PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        7⤵
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        6⤵
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        6⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
        6⤵
        
        PID:17472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
        5⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
      4⤵
      PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        5⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        5⤵
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9477.exe
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
      4⤵
      PID:16448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
      4⤵
      PID:16624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17936.exe
        6⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        9⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3543.exe
        9⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        8⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        8⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        8⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        8⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        7⤵
        
        PID:16664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1111.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        8⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        7⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        8⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        9⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        8⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
        9⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        8⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        7⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        7⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        7⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        8⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        7⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
        7⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        5⤵
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
        7⤵
        
        PID:17104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        6⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39494.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        6⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52761.exe
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        5⤵
        
        PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13437.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        9⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        9⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49253.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        8⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        8⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        7⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13401.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
        8⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31815.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12236.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        7⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        7⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        7⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        6⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        5⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
        7⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        6⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        6⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
        5⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        5⤵
        
        PID:16976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53716.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        6⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17628.exe
        7⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38712.exe
        7⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21172.exe
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
        6⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32019.exe
        5⤵
        
        PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
      4⤵
      PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        5⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        6⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        6⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        5⤵
        
        PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
      4⤵
      PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        5⤵
        
        PID:14356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
      4⤵
      PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45923.exe
      4⤵
      PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
        6⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        7⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        7⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        6⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        7⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        7⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        6⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52144.exe
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16948.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13403.exe
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        5⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        5⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        8⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        8⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        7⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
        7⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        7⤵
        
        PID:17440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        6⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41208.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        5⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        5⤵
        
        PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9523.exe
        5⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        5⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
      4⤵
      PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
        5⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        5⤵
        
        PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
      4⤵
      PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        5⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        7⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        6⤵
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
        6⤵
        
        PID:17316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17316 -s 72
        7⤵
        Program crash
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
        6⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        6⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21880.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        6⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        6⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57300.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        5⤵
        
        PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
      4⤵
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-381.exe
        6⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
        6⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        5⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        5⤵
        
        PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        5⤵
        
        PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
      4⤵
      PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59700.exe
      4⤵
      PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
      4⤵
      PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
        6⤵
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        6⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64826.exe
        6⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        5⤵
        
        PID:12908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
      4⤵
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
        5⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
      4⤵
      PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
      4⤵
      PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
      4⤵
      PID:17224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34140.exe
      4⤵
      PID:17244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
    3⤵
    PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        5⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
      4⤵
      PID:10640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
      4⤵
      PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
      4⤵
      PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
    3⤵
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
      4⤵
      PID:10656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
      4⤵
      PID:12972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
      4⤵
      PID:7208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
    3⤵
    PID:10324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
    3⤵
    PID:15368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
    3⤵
    PID:16756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
        8⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
        8⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        8⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26549.exe
        7⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
        7⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        8⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        7⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        7⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        7⤵
        
        PID:16160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
        6⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        7⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        7⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        6⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 488
        7⤵
        Program crash
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13911.exe
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        6⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        6⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9720.exe
        7⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        6⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        6⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        6⤵
        
        PID:17340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
        5⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        5⤵
        
        PID:17016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28827.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
        8⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57457.exe
        8⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41120.exe
        7⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
        7⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35860.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        7⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
        7⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        6⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53897.exe
        6⤵
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53489.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
        7⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45849.exe
        6⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63820.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
        6⤵
        
        PID:14412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7119.exe
        6⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        5⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16348.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7817.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        6⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        8⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        7⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6172.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        6⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        5⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        5⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        5⤵
        
        PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        6⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        5⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29975.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
      4⤵
      PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        5⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
        5⤵
        
        PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
      4⤵
      PID:11576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
      4⤵
      PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
      4⤵
      PID:8888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        6⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        8⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        9⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        9⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        8⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        8⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
        8⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        7⤵
        
        PID:17208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        7⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
        8⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
        8⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22132.exe
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        7⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        7⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        6⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        5⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        8⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        8⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        7⤵
        
        PID:17460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        6⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        6⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        7⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        7⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        6⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        6⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
        5⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        6⤵
        
        PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        5⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        5⤵
        
        PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        5⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
        7⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
        6⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        6⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        7⤵
        
        PID:16500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        6⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        6⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe
      4⤵
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        6⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
        6⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        5⤵
        
        PID:16244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
      4⤵
      PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        5⤵
        
        PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
      4⤵
      PID:11620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
      4⤵
      PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
      4⤵
      PID:9688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23194.exe
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        7⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        7⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        7⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        6⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        7⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
        6⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-508.exe
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        6⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
        5⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50396.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
        5⤵
        
        PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
      4⤵
      PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        5⤵
        
        PID:60
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
      4⤵
      PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
      4⤵
      PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
      4⤵
      PID:16832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
      4⤵
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        6⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
        5⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        5⤵
        
        PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        5⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        5⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        5⤵
        
        PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
      4⤵
      PID:9776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
      4⤵
      PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
      4⤵
      PID:16984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
    3⤵
    PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        5⤵
        
        PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
      4⤵
      PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
      4⤵
      PID:1800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22092.exe
    3⤵
    PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
      4⤵
      PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
      4⤵
      PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
    3⤵
    PID:11956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
    3⤵
    PID:16840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
    3⤵
    PID:16776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24883.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24883.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        9⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        8⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        8⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
        7⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 212
        8⤵
        Program crash
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        7⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36710.exe
        7⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        7⤵
        
        PID:16560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        6⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        5⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        6⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        7⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
        6⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        5⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        6⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        6⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        5⤵
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28880.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        5⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
        6⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        7⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        7⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        6⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        6⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        5⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
      4⤵
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        5⤵
        
        PID:11904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
        5⤵
        
        PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33067.exe
      4⤵
      PID:11936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
      4⤵
      PID:16528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46738.exe
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13437.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20558.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        8⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
        9⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30908.exe
        9⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
        8⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24173.exe
        8⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        7⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
        8⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        7⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe
        7⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        6⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17500.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        7⤵
        
        PID:512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        6⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
        6⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
        5⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28314.exe
        6⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
        5⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15580.exe
      4⤵
      PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57125.exe
        6⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        5⤵
        
        PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
      4⤵
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
      4⤵
      PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
      4⤵
      PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
      4⤵
      PID:8596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34639.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
    3⤵
    PID:208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
      4⤵
      PID:10016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 212
        5⤵
        Program crash
        
        PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
      4⤵
      PID:11588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11588 -s 464
        5⤵
        Program crash
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
      4⤵
      PID:1244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
    3⤵
    PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
      4⤵
      PID:13284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
    3⤵
    PID:10480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
    3⤵
    PID:15376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        8⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        9⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        9⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        8⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50125.exe
        8⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        7⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        7⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        6⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        6⤵
        
        PID:16260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        6⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7988.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        6⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
        6⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30473.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        5⤵
        
        PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
      4⤵
      Executes dropped EXE
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        6⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35860.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        6⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
        5⤵
        
        PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25270.exe
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        6⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51557.exe
        6⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39864.exe
        5⤵
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34557.exe
        5⤵
        
        PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
      4⤵
      PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36710.exe
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47369.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        5⤵
        
        PID:17416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
      4⤵
      PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
      4⤵
      PID:5408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
      4⤵
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        7⤵
        
        PID:17200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
        7⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        6⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7016.exe
        6⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64457.exe
        5⤵
        
        PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        5⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
        6⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        5⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        5⤵
        
        PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
      4⤵
      PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
      4⤵
      PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
      4⤵
      PID:16752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
    3⤵
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
      4⤵
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        5⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
        6⤵
        
        PID:17040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        5⤵
        
        PID:8792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
      4⤵
      PID:10912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
      4⤵
      PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
    3⤵
    PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
      4⤵
      PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
        5⤵
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
      4⤵
      PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
    3⤵
    PID:10276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
    3⤵
    PID:14980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
    3⤵
    PID:3280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
      4⤵
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        6⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        7⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        7⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30676.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        6⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        6⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
        5⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
      4⤵
      PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        6⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        5⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        5⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
        5⤵
        
        PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
      4⤵
      PID:11988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe
    3⤵
    PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38518.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        6⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
        7⤵
        
        PID:16860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        7⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
        6⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        5⤵
        
        PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
      4⤵
      PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
        5⤵
        
        PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
      4⤵
      PID:8160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32094.exe
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
      4⤵
      PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
      4⤵
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
    3⤵
    PID:10148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
    3⤵
    PID:14628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
    3⤵
    PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
        6⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        5⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        5⤵
        
        PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
      4⤵
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64457.exe
      4⤵
      PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
      4⤵
      PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
      4⤵
      PID:16300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27639.exe
    3⤵
    PID:7380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
      4⤵
      PID:13260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
      4⤵
      PID:17236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
    3⤵
    PID:11608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
    3⤵
    PID:16808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
    3⤵
    PID:17248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
  2⤵
  PID:3688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
    3⤵
    PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
      4⤵
      PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        5⤵
        
        PID:16828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
      4⤵
      PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
      4⤵
      PID:13812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
    3⤵
    PID:7304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
    3⤵
    PID:15584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
    3⤵
    PID:17140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
  2⤵
  PID:6752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
    3⤵
    PID:11220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
    3⤵
    PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
    3⤵
    PID:3240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
  2⤵
  PID:10780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:15648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
  2⤵
  PID:17300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5680 -ip 5680
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 10016 -ip 10016
1⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 10008 -ip 10008
1⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 7272 -ip 7272
1⤵
PID:12692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:16580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe

Filesize
468KB

MD5
8153b0550dbd5a8d51241778bcf201d8

SHA1
c196c494d128de81b81624061ef8673af7a239fc

SHA256
e92ce4487a595325020928c72cf7b25417d86a64bc0281d8b413b570c453557a

SHA512
76f155105085f0b9f162a21ee13acbb409a0b4ed71f387524842f4d738996ef4bf1fee6c44897b1b9ce01ec0f0095cc9b86da9c1018a9402bf8263ce838c5a0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe

Filesize
468KB

MD5
7eac469dc107a59eac94538ace0cc544

SHA1
5f418092921b8199c438fa6cb0914715c0a7f18a

SHA256
6167cc93c6c76fbacc22454eeb590d442ada97a9d71c6a446809fcce55abad65

SHA512
eda81d9dee6484cf9a3a3441b8cd3c937efe576d79aca88c195c053bddc02844d56dd9a063d6d0e9eff36c66019ae7e5481a0913f96af9b7f597a13514afa665

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe

Filesize
468KB

MD5
bc8cc37a7a8966cae301b51aa7ca8b7e

SHA1
c2445275c523a7b0f3059dc62785b8e0f1af408f

SHA256
e544eb04292761ddcf9d31004702958487b7f5c424d607b4f872f23ea24fe1d5

SHA512
16b89a7c823cf0cb941f2d7cfef602649d5abf18b4775285df353dbf37e02d607e381bba2abc8fff53bf493e950f8ca5c13873c92ff177b63ea293a680102c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe

Filesize
468KB

MD5
98cd004975c9450ba16d36599571da61

SHA1
a8d5ef44846c82b9ccb43fbbe074b37d6e135de1

SHA256
5924e826d2c575349217bc50bb894915455412b8530144e9c8ab75881635011f

SHA512
c2f66e5ce72f22f9cf687102d637898d02a75b5c12ae179e30b092604e3ed3e4896dc3c434f9e5c8e672ebbdaaec7106634c1db83aac63e1c7d86ea51daf595e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe

Filesize
468KB

MD5
5f03999c0b87d6c2341d78a692d62219

SHA1
e4ddd99076d5573653c3d936342c9971ab84b722

SHA256
928e1f10c40c92393507998beb36e33643f66e319cd7347c66b992ed4ae6561f

SHA512
fe2cb05606e00ad7fcec826cd1f570186d816b875302c7249807aac3ba22055fd2a9f28319788229374536c0377700ac9196c33e63afbc1e912cd01e812949fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe

Filesize
468KB

MD5
9cff09c7bd28ee822c5c73887e2bf4e5

SHA1
d17a99cb5a49e155f8d7ee1630e824655cfd92ce

SHA256
040486d3a3a6cb440eb13a227d52c271c77745322a497ab9d112e3fefa60b060

SHA512
631c32137f5c3c5b95a5e8f20e52c9ec7d57a45d404a9ed8db5c04995153fbf87f9f1f9e2db79c553c41828ad2f6bb65b659d560ea17a2de72c698a9e22533d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19315.exe

Filesize
468KB

MD5
167ae09fc538107953cf20ab01518ba9

SHA1
00ed1f03d42ec833644ed66b4bd9a4b373269717

SHA256
e731697ba43f86c69d00092fe42a61e889b939635e8ddf8d6912c4cc8a9751f2

SHA512
a0f867b308767b387836a32fcfba71c943681b464fd1597289e42952164ba0f36d1940fdb0a3cad1e32b74f7d83145c2eb50bd55dfb1864a1f7f5383c47fb425

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe

Filesize
468KB

MD5
38ee0ab8b6bd6b7722f34eba274ba4c4

SHA1
ab38f72a72e6b2c0aa55fbc88d0d31dc0bcb6e21

SHA256
8fd1e216b8d983da35f046efc3a86f21e14fa896fd523db5a21af9dfe26c6ce8

SHA512
055c65d69a4149b91edb160dc738f0afd85f95aacd8ac88cd29c38afa35a3bc82df90e0d5bebe9dc71530b9e2a4cc6909b9b9e2a1eb6ceca190b7db6591d31b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe

Filesize
468KB

MD5
0f30576545a12a9314fd9cd7de04b237

SHA1
7ef8e4ec322229c58e22fb2f13b6af53b8ccd928

SHA256
fc16496b47f460fd31663777997b981b4a4f88aa858278d1d918fc35ebd66f26

SHA512
f4430a0c3a4a86edecef90e66c9d4c5cd73d8ed85a526e37afe6007023fb2ff8bd040043964fe8a09fa6e285c443e8aa182e7c3c03d4af901e4b4b53347a81ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24883.exe

Filesize
468KB

MD5
d893085dd227af720dc3ae6eb54e14d9

SHA1
23adf5f516cc1449f1c213157b0460d0ff876347

SHA256
cc0025f08c31751a0e7c3ec318a6bda7a79eb53747c4d4b9d55d895652130666

SHA512
0d8f143a71845383c5c17a7eaf63c7a4e2a5358616668604a34af5776e57d6189d79a20ee78e787f2c4faac13cc5890cfd87d2271e294ef1c09a4158d12a04b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe

Filesize
468KB

MD5
59d61be6251351aa0d4ab0c5dcd7c4b5

SHA1
3fa5d96458ece9681ec350e1adffa769b952b2c6

SHA256
d1909b844d42c9d5810bf16aadd7ffc73352d1604c29b04b6918717b07b24fce

SHA512
39c9708e38275727ce980008ef40bdb571bdbec3570f8915336cbc5d5a249168a036bd8ff51315ff043956df0a87387c219db47427e11828cd3a1c6da72b8df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28827.exe

Filesize
468KB

MD5
f274ebc7f209532ba63d4ce593a163f6

SHA1
6b82e530a91a7c1b0dba9db4b47a003f77f2f22a

SHA256
6d0e34b5a737755f903790aa539a20f4052a69dd5e42fd9a69ded699c3616717

SHA512
6dc7c8994bac19cc5defd2765d96af9e804ffafe767ca01e045252750706fa1f7296d4d4ca39ccc90d06033f31c69d4f3821e2a96eb3afd6a917fbe7f527b7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe

Filesize
468KB

MD5
85b93f6df2bc69a263bffa5ffa19e8bd

SHA1
cfeffbc66a692794df0b80b4883aacc939194093

SHA256
70e304ec1f14cd91560485c577a248c37265b2e5cc8be312b50cbb484a8288c7

SHA512
ed65b92fa4b7fe7536ab299bee8a641ca0adc10606a344c4d951e6406ea863ecf5a0af6a8b5b0dab9c59636810217c65d8fb29a4b8a0227692c558f2beb7cdb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34958.exe

Filesize
468KB

MD5
e4224645704eb743c42f46358bc57a1f

SHA1
7eda980e5ec753052beb4ea398a29793c73d69b1

SHA256
be9cc358ae8abdaa8bd5ac44ab24000331a25539a3eb88839d9a611a74488a08

SHA512
d82af7134258bb979b358c5a2b10e5f3f8c68bc48112c0588cf39860a33cdad36bc409fb9d9dda490a07391ef6f5a2fe86e239fcd747956d6bb274872d8523e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe

Filesize
468KB

MD5
c68b45e5b7f097274c6be01c4c98747f

SHA1
942ee4609d4bf8c5b5422c38da298f5fea88643c

SHA256
a3d1592c50f7372dfb9a9f15eb8c57b807dcdca55e6c1226bc2cd2b38749f4b2

SHA512
871f69b7181f0a9b53379ac3f4625754840a7b06964b87e77b974d3a6598ca3d9c862e09f24be8dabd3069ddf865f29c3257e5a2b6d045a0ade7b05c4b09fac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe

Filesize
468KB

MD5
736b708f6d1cc36c2681734f2aa03f78

SHA1
e330f57524ba81068a62b25b25639b0ccdf4337b

SHA256
eece97e60ecc1aec029795e84a18f061b2fd8bfdfadb6c8d006f7548d837719e

SHA512
69cd5d8fb971b9f2dedecd5ce16d37fb79b65963625a9b899c2821847138fe2fb8d7f187fe369432402282d1924f9e6116dfa3eb77f86b016fa2b00df1523815

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe

Filesize
468KB

MD5
04e9ab2e32a702f1788228707468d28b

SHA1
37e8de890a52dda3014e1d2eebbea3ffe386859f

SHA256
32fdaf80d549c4aef7d47e1e82525c6b84df59f51231c064a44f34682cef780b

SHA512
f5df4d7a4edb958959a3aa99b535c2216fd4f191301f8dcf30611d8f15d81fdbe8a726d399b7c4272dff8a5f8cf6e052578fb64e781790103b666ba4507fa40c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe

Filesize
468KB

MD5
2120d2d53c78c31b427e3078c36db03a

SHA1
d08e7b6c6838371661045ddf81c360d747966e1e

SHA256
609280039034db4c548d7b1007de9ab54d41e41f39ae83bcc788e1a6a60ec077

SHA512
2e1c3d3d2345f8b530e9dd073c5de65d4417e8d79d8623975124bd1e2e40139822f1aab9523ea9198c64c8ed8c7aec58d3bde6d8c5ef62854faf6ec8bfe11b8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe

Filesize
468KB

MD5
53a27bd47efecf21c211238c5347ecd3

SHA1
f8c67ebda1710dafa6b49b4f63360508b83b3639

SHA256
e860ebc413811450a6964612477fa91a1b9cd7acbfa65cf9a162383a4674eed4

SHA512
2827fe89de2f674e9478ce2dda6f9edceb70ddd8f8092b8340865f38a730a084a71a86e181497f41baf4ff402cc2556f01bf6f886cd2765a471e26cebbcfe61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe

Filesize
468KB

MD5
8d0f7ec24c5d9b5cca4084cf9d922c54

SHA1
60720e3e437181231a541a3762486908995a5775

SHA256
e4c5fd7498fa64bd95231d3b23f196a68b4516dc77e40d98c8d0b513466c8d70

SHA512
b3606f21567fbfbce9b1ea50bca1b7d55062a40849f230cf9fda8a3b5191bdde181efd702d4ec40a0863a591f66f207c6c54dd664b4546972f80b1bf0a2bd68b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe

Filesize
468KB

MD5
bafecce827c46826359607754fcce738

SHA1
95f45bb12e6ae6a2e6b455c2f62e3c88ab5883c4

SHA256
6ee3656e6ddd913e220c187ee519789407ea31a2e084af7f5dae25c9a018b4a9

SHA512
c9ce6eebf4005d93f52a107b0172026f80bc35cbe17a7712ff5462aee3e3a3689b464f21af61358aea6c284db7abbcbff248e6012abaf29af70387833df1ea1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe

Filesize
468KB

MD5
e5d708d7c9e77e67d3064f55128a8816

SHA1
31c52987d40dfda0857a9685c7e514fab1e3b00f

SHA256
4a74af7ce8df99c53fa7b768de51622f37cb8108ce4a5baede26814d680901bb

SHA512
cec8421a94f1e548afc100991983dc3e446efc477d8ec6d13879aac44de148635242b8d7aaf5bfc5b6da766d0fef72b168dd4bb9a2b817bec2bfca260ae57fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe

Filesize
468KB

MD5
b7a91429c97355ec32eca57fd9c53ee6

SHA1
c835f05320260e5663982cb8ba316992a36d4fc3

SHA256
064f28664d224764de3c6df90deaca650655207444d4a784720dd193b2c7fd07

SHA512
4265727ded62ecd943b45979ee733d55d3dad63e166a94a1f5d63a3b9a0a910b62310e065f17bdd4f100f33ec8235954d88b44c7aba2b92f08154476de65e2a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe

Filesize
468KB

MD5
da339fb081c7cfac07a9dd9dec3c81a4

SHA1
001fea623a4dd78b8827a6a14b4ffd27204bfd9f

SHA256
490cda00b578e33ff1edfcafcbe8cb1cd4e5acb6226037edc8c383da3734df8c

SHA512
9467c818fddd5b601b18c80505f38086037591634209595196bdbd13e2d6ce0388452100adc6bde94806efc35257420f17a50e58c4d3393480b257966417fb41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe

Filesize
468KB

MD5
143dd339d5b9a242caa45ec87f151f31

SHA1
bd67f2eb6bf87e8d96befbc1cb1ff9f987c5def0

SHA256
8cb06b7f8ae603c75582b22ceb95435e640963c8e53ce6f105df8dc491bf081b

SHA512
6bcb4a7bac3a4a53cc8ff6b1ff81df0ae66e8b30b951ce8bf9030796aaa07bdfe0d466f1af72d0d5428fb5e98b8e6135f81475cc78590a68f693a38253c058e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe

Filesize
468KB

MD5
91ebbe2f30525776e299a41c3c9c7c4f

SHA1
0696036f731a98b52c004f7c85dc0c71fc1246cf

SHA256
06d9ceb4c196c62dbda4124975328b29bbf97f3c19ba47eeeba7f5b2d044b140

SHA512
9c11247c695a6476f174e9b373c00701a0e5249c71515412d0325bba4ab3fe52c8ae96180ad4e573978c0c6385ee15667c2dc1835aae71ee6ed4a20c6b7324c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe

Filesize
468KB

MD5
ec58754b5384896efea5c51127cfd1d2

SHA1
aff70c791ab13e47bb83758d0a30f775a6b0ba0f

SHA256
3d589db179bccff38af961988b025625b3654ef8e9490c2c48b60b17f469b5d3

SHA512
438333a03998f4a8fca7140d1b827c59ea00b931e4d3dd0a5256ce3525d3439d180e8bfa011379d70166337e97cac279b166f0e74ad7dfbdd0cb8b18d57da18c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe

Filesize
468KB

MD5
4c1a3c4696c1f0ac64cded2aa1e1b650

SHA1
bf334b9b925037ea083c43063a6115d3d1e928a0

SHA256
ad96b256672e7c7b8c79c9383910b54ba61b89028ec88fccce540c403f178c00

SHA512
7f248357d73a487c8499dfb0cb3fd4d42dfd7d1a92e3305a7494ec59f5677a6f4aa99a4255df1b6b0e2e7d79b3e714889e0a3d6e48b8da5cd96065a2070773c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe

Filesize
468KB

MD5
0b7f1fbf65ff8d721c208a3e1792931b

SHA1
048453219c0817ab1f5f38443308e4b91f75fa4d

SHA256
018192821c95db9716e1f941d92a1c7b1b02468418a39a3200c20852ba7fe8c3

SHA512
7eb31fe4a4a4dfbb6c03bed4e44bdbcb36918fd447d0ba93222e91f13b32f04ddd810f24a9d80705f66e4a9a1f845b529b5c095789400e0b5fbe48dd711c52c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe

Filesize
468KB

MD5
8e6ecf7752b23951d62e6ea4571ceba7

SHA1
c66c31ba9b2dffadb33cea6456b19a44c1c3c134

SHA256
ac2824582ef083e90d691102b5c458cf22edb6a6add8acd51a3d4a2743f58809

SHA512
1865d65735e1436a4c1ed3bb74e220a380176f9711d61666be145230a4f606a385f5160b722277189b8327e06c8155181a2a6bf89e0d5629b360912ac250b0bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe

Filesize
468KB

MD5
fa6ea9335366ad7dfa8f1b2ceb2c87bc

SHA1
7e4441f7a52824d2d86d9b710210e5c1155eb491

SHA256
43d28708191a600013617c6277195f879f3afca776c6533815a7dd266ef64fb6

SHA512
85c1abf071d3e2740f15856b953185a2eb5ef4cc32a3b935181b9fe55219ca5484a075bc7a0a8601b66970ec291505b082a16c4b90a01f3b7bd23d5f97929e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe

Filesize
468KB

MD5
e1b66295954e96e1dfdb1440df975968

SHA1
e5aedcbb7d3f5f71158941562f75b6dde8506ab3

SHA256
ead0b30b01c2a2c7713d364a2abee08132ad5d1773f118e04c4a273b854850dc

SHA512
bb0d998f686cf90ddbcdc031aa1332b1e35c5774aa719db9079f40534dbdb85ad8af3a95b2aeb8ff7b5371c1486338787d9379487f192ef78a55e4fe136f80e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe

Filesize
468KB

MD5
f585d7bd32f2ed49e686fb2270f7c53f

SHA1
d36f8d36304d2a7b7cd5ed8a5885eb7a6feb36e6

SHA256
08b4db1b67bb87ef34ab72162a690f9f50c6b48385f6af40a5c87387f1485e1d

SHA512
7d37f796f3602ff78391e9dd707ba8fc1586e9a1a82dcd655b42b54a00b3cc7026ad1328851eefed40b354baddc1d1bfa6ea6551afc2d6912824078e5dfc2bc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe

Filesize
468KB

MD5
413c5c21e8912cf01ec72410a21efaa9

SHA1
42aed43898ce234043103f667e8590c710ff1b0b

SHA256
f54ef4467a24bc4bd9f7b3c8f4a8e84c5d407e5760166408f812bb09d52be042

SHA512
22e489c36b28ed744358467287ee19f47dc5904080259ed2dfbd47e4a981a365f19e9414edb20f69566d32977a2e0ee1bd6ff20acb9b38b4b8c293f70709a47a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe

Filesize
468KB

MD5
72f609f63fc186963aa455acb72b8e19

SHA1
a8a5c5c49af75c3abc40cb4a90b5dbb8987f1331

SHA256
d8b7394b7e78d2c4984f5c5f1b74ca3abb5c873a5ec4ee5f1a88007b171f5d8c

SHA512
5da3ebde70bcbbe8a9a46ecc0bc4df270aedf38de41e3c21706c0a7ac1cc5bbcd8b442877a15446354062a9bac501836c86580e9cfa9827db95dcb7149d099b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe

Filesize
468KB

MD5
2864043847a4ff15b2afc92e0e938e4f

SHA1
7e1d41fb84c1c4c685ac8988496e7e494c4caf6e

SHA256
af624a3bb18bb38517180dd784a294d84581f10e21548bcd943bb4bdac53ff04

SHA512
d66c836139b72d118aece93f96be9387732ff075764a53773ee6f60468d4fecb15135e1c716e39dd8415f80332f2690acd8800d5e2d86dc9dac21de198c9fb62

Download Submit
memory/5160-4124-0x00007FF8382B0000-0x00007FF8384A5000-memory.dmp

Filesize
2.0MB

Download
memory/16928-2575-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads