3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78

Analysis

max time kernel
117s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe
Size

468KB
MD5

b60f8059b328809fcfac58757cb93270
SHA1

e50dfdfc10fd3e2d7ea11c04490e85477d455ef0
SHA256

3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78
SHA512

6447677399f19dcbdf2baa1828f90ee7ac2520013ddc48283aa0c50196aea54c2bc31f1d7e231e5b285f23db671a33fb713e66646a655ce5c6593700aeff9b47
SSDEEP

3072:4belogxaIU57fbYZPzcfmbfD/c2Dns7H/QmyeQVqAEtKkki3uxulI:4b4oCc7fCP4fmbfKT1wEtD73ux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2400	Unicorn-40503.exe
4584	Unicorn-7358.exe
3180	Unicorn-11997.exe
3176	Unicorn-3606.exe
3440	Unicorn-3606.exe
1676	Unicorn-653.exe
4532	Unicorn-14388.exe
1964	Unicorn-47431.exe
1552	Unicorn-39263.exe
1956	Unicorn-11613.exe
3984	Unicorn-11613.exe
1704	Unicorn-31214.exe
1636	Unicorn-25348.exe
408	Unicorn-4522.exe
2256	Unicorn-4522.exe
3732	Unicorn-7667.exe
2168	Unicorn-61699.exe
4576	Unicorn-16028.exe
2540	Unicorn-36810.exe
2320	Unicorn-48508.exe
872	Unicorn-15073.exe
4304	Unicorn-40340.exe
1320	Unicorn-52658.exe
1596	Unicorn-9587.exe
1824	Unicorn-11817.exe
2716	Unicorn-17682.exe
4800	Unicorn-563.exe
3160	Unicorn-17092.exe
1548	Unicorn-2793.exe
4376	Unicorn-40828.exe
1428	Unicorn-47579.exe
2756	Unicorn-47579.exe
1556	Unicorn-59276.exe
4944	Unicorn-18436.exe
3920	Unicorn-55747.exe
412	Unicorn-45362.exe
4608	Unicorn-9499.exe
4624	Unicorn-50148.exe
1332	Unicorn-30282.exe
1020	Unicorn-58316.exe
2372	Unicorn-25644.exe
1156	Unicorn-39026.exe
2432	Unicorn-11921.exe
3916	Unicorn-50532.exe
4244	Unicorn-30666.exe
3536	Unicorn-9691.exe
2012	Unicorn-9426.exe
3148	Unicorn-26028.exe
4616	Unicorn-3443.exe
216	Unicorn-3178.exe
4852	Unicorn-60050.exe
4084	Unicorn-35346.exe
3572	Unicorn-25483.exe
4824	Unicorn-57844.exe
3184	Unicorn-667.exe
8	Unicorn-667.exe
4804	Unicorn-5306.exe
900	Unicorn-21450.exe
1952	Unicorn-41051.exe
4884	Unicorn-35260.exe
4912	Unicorn-31730.exe
2992	Unicorn-26324.exe
3764	Unicorn-1819.exe
4240	Unicorn-9795.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
13840	12524	WerFault.exe	603
16544	15072	WerFault.exe	709
7712	16628	WerFault.exe	875
8272	17064	WerFault.exe	912

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6178.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3356	dwm.exe
Token: SeChangeNotifyPrivilege	3356	dwm.exe
Token: 33	3356	dwm.exe
Token: SeIncBasePriorityPrivilege	3356	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe
2400	Unicorn-40503.exe
3180	Unicorn-11997.exe
4584	Unicorn-7358.exe
3176	Unicorn-3606.exe
4532	Unicorn-14388.exe
3440	Unicorn-3606.exe
1676	Unicorn-653.exe
1964	Unicorn-47431.exe
1552	Unicorn-39263.exe
1704	Unicorn-31214.exe
1956	Unicorn-11613.exe
1636	Unicorn-25348.exe
3984	Unicorn-11613.exe
408	Unicorn-4522.exe
2256	Unicorn-4522.exe
3732	Unicorn-7667.exe
2168	Unicorn-61699.exe
4576	Unicorn-16028.exe
2320	Unicorn-48508.exe
4304	Unicorn-40340.exe
2540	Unicorn-36810.exe
1596	Unicorn-9587.exe
1320	Unicorn-52658.exe
1824	Unicorn-11817.exe
872	Unicorn-15073.exe
2716	Unicorn-17682.exe
4800	Unicorn-563.exe
3160	Unicorn-17092.exe
1548	Unicorn-2793.exe
4376	Unicorn-40828.exe
1556	Unicorn-59276.exe
1428	Unicorn-47579.exe
4944	Unicorn-18436.exe
2756	Unicorn-47579.exe
3920	Unicorn-55747.exe
412	Unicorn-45362.exe
4624	Unicorn-50148.exe
4608	Unicorn-9499.exe
1332	Unicorn-30282.exe
1020	Unicorn-58316.exe
2432	Unicorn-11921.exe
1156	Unicorn-39026.exe
3536	Unicorn-9691.exe
2372	Unicorn-25644.exe
3916	Unicorn-50532.exe
216	Unicorn-3178.exe
4616	Unicorn-3443.exe
4244	Unicorn-30666.exe
4852	Unicorn-60050.exe
3148	Unicorn-26028.exe
4084	Unicorn-35346.exe
2012	Unicorn-9426.exe
3572	Unicorn-25483.exe
4824	Unicorn-57844.exe
8	Unicorn-667.exe
3184	Unicorn-667.exe
900	Unicorn-21450.exe
4804	Unicorn-5306.exe
1952	Unicorn-41051.exe
4912	Unicorn-31730.exe
4884	Unicorn-35260.exe
3764	Unicorn-1819.exe
2992	Unicorn-26324.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 2400	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	86
PID 532 wrote to memory of 2400	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	86
PID 532 wrote to memory of 2400	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	86
PID 2400 wrote to memory of 4584	2400	Unicorn-40503.exe	87
PID 2400 wrote to memory of 4584	2400	Unicorn-40503.exe	87
PID 2400 wrote to memory of 4584	2400	Unicorn-40503.exe	87
PID 532 wrote to memory of 3180	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	88
PID 532 wrote to memory of 3180	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	88
PID 532 wrote to memory of 3180	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	88
PID 3180 wrote to memory of 3176	3180	Unicorn-11997.exe	90
PID 3180 wrote to memory of 3176	3180	Unicorn-11997.exe	90
PID 3180 wrote to memory of 3176	3180	Unicorn-11997.exe	90
PID 4584 wrote to memory of 3440	4584	Unicorn-7358.exe	89
PID 4584 wrote to memory of 3440	4584	Unicorn-7358.exe	89
PID 4584 wrote to memory of 3440	4584	Unicorn-7358.exe	89
PID 2400 wrote to memory of 1676	2400	Unicorn-40503.exe	92
PID 2400 wrote to memory of 1676	2400	Unicorn-40503.exe	92
PID 2400 wrote to memory of 1676	2400	Unicorn-40503.exe	92
PID 532 wrote to memory of 4532	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	91
PID 532 wrote to memory of 4532	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	91
PID 532 wrote to memory of 4532	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	91
PID 3440 wrote to memory of 1964	3440	Unicorn-3606.exe	93
PID 3440 wrote to memory of 1964	3440	Unicorn-3606.exe	93
PID 3440 wrote to memory of 1964	3440	Unicorn-3606.exe	93
PID 4532 wrote to memory of 1552	4532	Unicorn-14388.exe	94
PID 4532 wrote to memory of 1552	4532	Unicorn-14388.exe	94
PID 4532 wrote to memory of 1552	4532	Unicorn-14388.exe	94
PID 4584 wrote to memory of 3984	4584	Unicorn-7358.exe	96
PID 4584 wrote to memory of 3984	4584	Unicorn-7358.exe	96
PID 4584 wrote to memory of 3984	4584	Unicorn-7358.exe	96
PID 3180 wrote to memory of 1956	3180	Unicorn-11997.exe	95
PID 3180 wrote to memory of 1956	3180	Unicorn-11997.exe	95
PID 3180 wrote to memory of 1956	3180	Unicorn-11997.exe	95
PID 532 wrote to memory of 1704	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	97
PID 532 wrote to memory of 1704	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	97
PID 532 wrote to memory of 1704	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	97
PID 2400 wrote to memory of 1636	2400	Unicorn-40503.exe	98
PID 2400 wrote to memory of 1636	2400	Unicorn-40503.exe	98
PID 2400 wrote to memory of 1636	2400	Unicorn-40503.exe	98
PID 3176 wrote to memory of 2256	3176	Unicorn-3606.exe	100
PID 3176 wrote to memory of 2256	3176	Unicorn-3606.exe	100
PID 3176 wrote to memory of 2256	3176	Unicorn-3606.exe	100
PID 1676 wrote to memory of 408	1676	Unicorn-653.exe	99
PID 1676 wrote to memory of 408	1676	Unicorn-653.exe	99
PID 1676 wrote to memory of 408	1676	Unicorn-653.exe	99
PID 1552 wrote to memory of 3732	1552	Unicorn-39263.exe	101
PID 1552 wrote to memory of 3732	1552	Unicorn-39263.exe	101
PID 1552 wrote to memory of 3732	1552	Unicorn-39263.exe	101
PID 4532 wrote to memory of 2168	4532	Unicorn-14388.exe	102
PID 4532 wrote to memory of 2168	4532	Unicorn-14388.exe	102
PID 4532 wrote to memory of 2168	4532	Unicorn-14388.exe	102
PID 1964 wrote to memory of 4576	1964	Unicorn-47431.exe	103
PID 1964 wrote to memory of 4576	1964	Unicorn-47431.exe	103
PID 1964 wrote to memory of 4576	1964	Unicorn-47431.exe	103
PID 3440 wrote to memory of 2540	3440	Unicorn-3606.exe	104
PID 3440 wrote to memory of 2540	3440	Unicorn-3606.exe	104
PID 3440 wrote to memory of 2540	3440	Unicorn-3606.exe	104
PID 1704 wrote to memory of 2320	1704	Unicorn-31214.exe	105
PID 1704 wrote to memory of 2320	1704	Unicorn-31214.exe	105
PID 1704 wrote to memory of 2320	1704	Unicorn-31214.exe	105
PID 532 wrote to memory of 872	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	106
PID 532 wrote to memory of 872	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	106
PID 532 wrote to memory of 872	532	3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe	106
PID 1956 wrote to memory of 4304	1956	Unicorn-11613.exe	107

C:\Users\Admin\AppData\Local\Temp\3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe
"C:\Users\Admin\AppData\Local\Temp\3dc4b67cbd7b1496a940e3dc11d844a58c4d4a92e2bafe77912e2bedabb1ae78N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7358.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47431.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        10⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28603.exe
        11⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        10⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        10⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
        9⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
        9⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        9⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        8⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
        8⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        9⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        9⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        9⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        8⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
        8⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        7⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9795.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        9⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        9⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        9⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
        9⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
        9⤵
        
        PID:16828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        9⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        8⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        8⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        7⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        7⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        6⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        8⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        9⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5922.exe
        8⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        7⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21106.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        7⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        8⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        7⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        7⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14331.exe
        6⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe
        6⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
        6⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36028.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        8⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        10⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        10⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        10⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        9⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22849.exe
        9⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
        9⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        8⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        8⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9865.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        7⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        6⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56884.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        9⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        9⤵
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        8⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        7⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17081.exe
        7⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
        7⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        6⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        6⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        8⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        8⤵
        
        PID:17140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        7⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        7⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        7⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
        7⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54267.exe
        6⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60075.exe
        5⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        6⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        7⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        7⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        6⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe
        7⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
        6⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
        6⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
        5⤵
        
        PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42114.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        8⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
        9⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
        9⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        8⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26522.exe
        8⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        7⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
        7⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        6⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45468.exe
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        8⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46394.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
        7⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        7⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        7⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        6⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44772.exe
        6⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        8⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        8⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        7⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        7⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
        7⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        7⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        7⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        6⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        6⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46412.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31436.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        7⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        6⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        7⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        6⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        6⤵
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        6⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        6⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
        5⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        5⤵
        
        PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11817.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7107.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        8⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        8⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        8⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        8⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
        7⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        7⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50258.exe
        7⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        6⤵
        
        PID:15872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        5⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
        6⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        7⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        6⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        7⤵
        
        PID:17104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        7⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        6⤵
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        5⤵
        
        PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33417.exe
        5⤵
        
        PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7547.exe
        8⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
        8⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        7⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        6⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        5⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        5⤵
        
        PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
      4⤵
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        6⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        6⤵
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        5⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        5⤵
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        5⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        6⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        6⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        5⤵
        
        PID:14572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        5⤵
        
        PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
      4⤵
      PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
      4⤵
      PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3459.exe
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
        9⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        8⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        8⤵
        
        PID:17152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        8⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
        7⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
        7⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
        8⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        8⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        7⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        6⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56485.exe
        7⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21450.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        7⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        7⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        7⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        6⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
        7⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10146.exe
        6⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12524 -s 464
        7⤵
        Program crash
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
        6⤵
        
        PID:16724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        6⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33387.exe
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        6⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28760.exe
        5⤵
        
        PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        8⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
        8⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25505.exe
        8⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        7⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5331.exe
        7⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        7⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
        6⤵
        
        PID:11836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        6⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        6⤵
        
        PID:13840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        6⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        5⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        6⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16177.exe
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55979.exe
        5⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58540.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        5⤵
        
        PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
        6⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        5⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        6⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        5⤵
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        5⤵
        
        PID:16836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63219.exe
        6⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        5⤵
        
        PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
      4⤵
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        5⤵
        
        PID:8792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
      4⤵
      PID:12128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        7⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
        7⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        6⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
        6⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
        6⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        6⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
        6⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16010.exe
        5⤵
        
        PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14507.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        7⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        7⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        6⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        6⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40794.exe
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        5⤵
        
        PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16794.exe
        5⤵
        
        PID:14992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
      4⤵
      PID:10052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
      4⤵
      PID:15108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        5⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
        8⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        7⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        7⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46379.exe
        6⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        5⤵
        
        PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
      4⤵
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
        7⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        7⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        6⤵
        
        PID:16736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        6⤵
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe
        5⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        5⤵
        
        PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        5⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        5⤵
        
        PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62227.exe
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
      4⤵
      PID:14888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
      4⤵
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        6⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21226.exe
        6⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        6⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        5⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
        5⤵
        
        PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
      4⤵
      PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
      4⤵
      PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
      4⤵
      PID:13320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
    3⤵
    PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11497.exe
        5⤵
        
        PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
      4⤵
      PID:8692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
      4⤵
      PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
      4⤵
      PID:7340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
    3⤵
    PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
      4⤵
      PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
        5⤵
        
        PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
      4⤵
      PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
      4⤵
      PID:16884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
    3⤵
    PID:756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
    3⤵
    PID:14436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57844.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        8⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        9⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50258.exe
        9⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        8⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        8⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        8⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        8⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
        7⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        7⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        8⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        7⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        7⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        6⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44996.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        7⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5306.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
        7⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        7⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        7⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        6⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32908.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
        7⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        7⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46379.exe
        6⤵
        
        PID:13944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        6⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        7⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        6⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        6⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
        5⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44619.exe
        5⤵
        
        PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        8⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        7⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        6⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        7⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        6⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55498.exe
        5⤵
        
        PID:16204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        6⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41706.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
        5⤵
        
        PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
      4⤵
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        5⤵
        
        PID:15624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
      4⤵
      PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
      4⤵
      PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
      4⤵
      PID:8656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        6⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14523.exe
        8⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        9⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        9⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        8⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        8⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        7⤵
        
        PID:12340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43060.exe
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55476.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        8⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        8⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
        7⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        6⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        7⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49835.exe
        6⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        6⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58787.exe
        6⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        6⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47427.exe
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        5⤵
        
        PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        7⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
        7⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        6⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        6⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28108.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        6⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
        5⤵
        
        PID:11552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
      4⤵
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        7⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
        7⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        6⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        5⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        5⤵
        
        PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
      4⤵
      PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        5⤵
        
        PID:14684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
      4⤵
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62059.exe
      4⤵
      PID:16544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        7⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
        6⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
        6⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        6⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        5⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        5⤵
        
        PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42970.exe
      4⤵
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37313.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        6⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
        5⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        5⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        5⤵
        
        PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        5⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26522.exe
        5⤵
        
        PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
      4⤵
      PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
      4⤵
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
      4⤵
      PID:15896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
      4⤵
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        5⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        7⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
        6⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        5⤵
        
        PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe
      4⤵
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        5⤵
        
        PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
      4⤵
      PID:9348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
      4⤵
      PID:16876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
    3⤵
    PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        5⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        6⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
        5⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        5⤵
        
        PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
      4⤵
      PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
      4⤵
      PID:16628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16628 -s 84
        5⤵
        Program crash
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
      4⤵
      PID:6204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
    3⤵
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
      4⤵
      PID:16548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
    3⤵
    PID:9276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
    3⤵
    PID:14588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
    3⤵
    PID:10456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7667.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        9⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        9⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        8⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        8⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        7⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
        7⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57107.exe
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
        8⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe
        9⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        9⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        8⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        8⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        7⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        7⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25969.exe
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2539.exe
        7⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        6⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        6⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30948.exe
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        9⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        9⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        8⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        8⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        8⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        7⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
        8⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        7⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        6⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        7⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33107.exe
        7⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        6⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        7⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        6⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        6⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44242.exe
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        5⤵
        
        PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9795.exe
        5⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
        8⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        8⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        7⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        6⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        7⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        7⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        7⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
        6⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        5⤵
        
        PID:12724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
      4⤵
      PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        7⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        7⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        7⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        6⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
        6⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        5⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        6⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
        5⤵
        
        PID:17148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        5⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
        6⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        5⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        5⤵
        
        PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
      4⤵
      PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        5⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
        5⤵
        
        PID:16804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe
        5⤵
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
      4⤵
      PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
      4⤵
      PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1819.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        8⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        8⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        8⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        7⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        7⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        6⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        7⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        7⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        6⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6827.exe
        6⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        7⤵
        
        PID:15072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15072 -s 452
        8⤵
        Program crash
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        7⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
        6⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4474.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        5⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        5⤵
        
        PID:17120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
      4⤵
      PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        7⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31977.exe
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        5⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        5⤵
        
        PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        5⤵
        
        PID:15496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
      4⤵
      PID:14460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45362.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9795.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        5⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        6⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
        7⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
        7⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52433.exe
        7⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        6⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
        6⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
      4⤵
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8610.exe
      4⤵
      PID:10152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
    3⤵
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        5⤵
        
        PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17242.exe
      4⤵
      PID:8532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
      4⤵
      PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
      4⤵
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
    3⤵
    PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
      4⤵
      PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
    3⤵
    PID:9472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
    3⤵
    PID:14444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        7⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50105.exe
        7⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        6⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        6⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        6⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        5⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
        5⤵
        
        PID:9552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
      4⤵
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17993.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe
        5⤵
        
        PID:17352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
      4⤵
      PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        5⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        5⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
      4⤵
      PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
      4⤵
      PID:5848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        6⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        7⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52818.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        6⤵
        
        PID:16812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        6⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
        5⤵
        
        PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        5⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        5⤵
        
        PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
      4⤵
      PID:17064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17064 -s 80
        5⤵
        Program crash
        
        PID:8272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54210.exe
    3⤵
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
      4⤵
      PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
      4⤵
      PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
      4⤵
      PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
    3⤵
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
      4⤵
      PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
      4⤵
      PID:15064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
      4⤵
      PID:9488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
    3⤵
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
    3⤵
    PID:14848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
      4⤵
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        5⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        6⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        5⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        5⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8536.exe
        5⤵
        
        PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        5⤵
        
        PID:11628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
      4⤵
      PID:4684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
    3⤵
    PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28970.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
      4⤵
      PID:14384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
      4⤵
      PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
    3⤵
    PID:7000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
    3⤵
    PID:11784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
    3⤵
    PID:15904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
    3⤵
    PID:15532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
    3⤵
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        5⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
        6⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        5⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
        5⤵
        
        PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
      4⤵
      PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
      4⤵
      PID:15512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
      4⤵
      PID:12508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
    3⤵
    PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
      4⤵
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        5⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        5⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        5⤵
        
        PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
      4⤵
      PID:14628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
    3⤵
    PID:14972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
    3⤵
    PID:2752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
  2⤵
  PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
    3⤵
    PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        5⤵
        
        PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
      4⤵
      PID:11360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
      4⤵
      PID:16580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
      4⤵
      PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
    3⤵
    PID:9024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
    3⤵
    PID:15084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
    3⤵
    PID:6220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
  2⤵
  PID:6788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
    3⤵
    PID:13276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
    3⤵
    PID:2544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
  2⤵
  PID:10968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57675.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57675.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:15940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 12524 -ip 12524
1⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 15020 -ip 15020
1⤵
PID:17064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 16628 -ip 16628
1⤵
PID:2708

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe

Filesize
468KB

MD5
37826e2c12258e3e061fe8c63b26993e

SHA1
d1f69e4d3029ba6ad50309ca4ba4a7913c783fe6

SHA256
f8b64545cb237fb8315c46673f75bfc5b963c1b0d28a0bf961b6ddc9659b60aa

SHA512
65ef9d661ae56960117ff1d6ead769610ed10807db1b42f5171bcfbcd26a94d95e588c73f6ec1dd1a4c00264934e7e3e55de970844ccade5ba5dd44b6ae5a4f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11817.exe

Filesize
468KB

MD5
556830924d7c81b4974d9b6d7f20b384

SHA1
b1c4e76c0383e88ea6e54df6cb88805b6aa027b8

SHA256
c72067874d0127ff0260ffef00cefe1162e9fa709343a89f6c06ede7d65ed41a

SHA512
f53bd0a94918c75342c8a5499fe0eaee7ed88ce1c61762b197ca8227cf65515dd49086ad3b6f246791f229ccd4bdc780c30d5d5a9223dff245a4a186f713d2d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe

Filesize
468KB

MD5
4481f293a817db3be8a190d7ba30e26a

SHA1
238dda7a86b2ea831d1b8a726d737cd77bcc8f2a

SHA256
7c05ef28df6043e2554c7019c1d9b471bf495ea01457831755f0a41355334a81

SHA512
c25c5667acb40c468b59634729c06883a17945c53bf350a35c1502d8a79ac44ff15e2b07034892b6ad4a29fa4881ee50e837215fcc31bc0b54f36a51481b2e98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe

Filesize
468KB

MD5
ed3c5ab04cb10484d24538cbabc71a02

SHA1
5fceb565dcc481d18c44d8c7f853fc888edc3e1b

SHA256
1f8d2d400b8767ae0e4c193eac3949f4b289647ee5757534b5ebe474faab2b36

SHA512
2660abefb55bad3cbe11dc1fe78cd65d58ca3138de3dd90f97978d164daa25488b23945406d36c166c559ffb9b96eee70e2c75bb8c9cbd026f31706584ab28d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe

Filesize
468KB

MD5
c827750b564ed4c2dbb06bb94096d1e0

SHA1
43a3124adcfcce46f1cc01e987aaaf61433ff28b

SHA256
aa54013129a04d835510848dae053077e6264a3353904baac124a982d5cfd5f7

SHA512
9e7c664e1651a146e1afddeb054678da31936f9be6f5f99c5bfa46a3a0169ed92fee3dbbaaf4f88d9608c44193e21930ef01f81916b12c12fd8731361ef0727a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe

Filesize
468KB

MD5
54d18bc025865bcae751b7b2acca52f7

SHA1
14578564e10cfd0614d06560ca7e520c09031ffe

SHA256
72bbfdd64e6f9ad9afdf362be0f2b5e997f158def6d8cb237545f789a666df01

SHA512
1a1acbb71582aae5125af38d54ddcd2a7006fe772e4f72d861d1854fcb10171ada855deec90b39d1b3aa654c635ab5339da1cb9b5f597aa03e0c884f007fa740

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe

Filesize
468KB

MD5
2267e0c7a76d689955959b19fcdff6bf

SHA1
d64de495b77ba77d9e7fd1ff0020138ca2f0e67e

SHA256
e6fbb650a4efa38667cd68953efacca5033f573589429add43883891776c3f3a

SHA512
fe206ecd7e9ca4a4eab303cd8475a74c11310f24e968a53ec391a5f6e84858e386c64f5322946146f6f4cfeb8f8e0d2a274a80fde7bb64d078c683ab0015a9bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe

Filesize
468KB

MD5
8e8c07ae2fef88fbbd62fd658c604137

SHA1
6ac65a066b82542645c0ef89615ba5d8c96f0a67

SHA256
a9c1a7d05d71761ee3c33749de9781109c0af4510ff3255d5844d36eda653c6d

SHA512
8a63f66471b3a6ee586ff756e2132611a5e53732350bf85c56bd2ee9adf9ed7c615655dd2da97af5e78e2dd3179febcea356207d8d52acbdc601d33b5591fc1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe

Filesize
468KB

MD5
3670ac98dbcba221624dcbf78ada140d

SHA1
ce04b4a98303d5b7cc4f1b1dfa932c26ca71de78

SHA256
dae40039d1f41fea93c502f9b59e3bf0b8b51a1cf47142e4bed09229a4f07be5

SHA512
e2affd2ca84a164ba7abb27e79987f6ad25c8906d51c7f7fac8eeec2ffaea8b9e963526143928d1644ed1e58c52be1fea4684b1604bbdfcbef9e395d5c6a9620

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe

Filesize
468KB

MD5
08be91d70a9744e6f89aa8ddf03f175c

SHA1
38490acabf8d5938dff822ce7da724ef6a562585

SHA256
f8edae9fe22c17b2a6db129bf99ea0594b83e775824d76c4e091d2b90ffc245b

SHA512
ea9cf1dffa635883b65cd873daf6212a0676710ecf735eade2c43f644ad35871ec9836e20da989678a89c37a1f90e001fe8290b44c065a12b1ee4427c527e84d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe

Filesize
468KB

MD5
782afc6a43fed9f08e45f06cb60cdf86

SHA1
2db382ec02ae4858561405f8aad10271da0e0187

SHA256
733233e11564b49cb72783ed7309900ccf6d75b7bc2bb988402825bb6e86e644

SHA512
3bb3e20d776642116a629af2030ef0b62b30dc87c7324d3b36ff3e9d77e1bc1c4560b7a15dda1144980214b1a55b2a621a7b67884479fa3278681f8b091f6ba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe

Filesize
468KB

MD5
983cc19ff3ef74132eecdd930cf3906e

SHA1
5a54d845aa3ebbb37228a872efb4f5562e45140b

SHA256
b586914e7831319ff9a82c6044f223dc04ef2f81a0e2b120a92e0da4386d1f07

SHA512
0d5f9c8f9be84e042c0bf72ee161dfac80d4e3cad7cd3643e419197ac98ca477ad753b4fdcfe15be229ddbfae5c1498ff7bfcaf291d67d0be16a4b8cbba24897

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe

Filesize
468KB

MD5
423f4cdb928acbe58610eb3101aadd3f

SHA1
92c866b233415e62e088f319d574c6dea2c4a500

SHA256
1e0b1c239328890898245764a29cc6db979973aa7dc79e9bd1b5797ced548b17

SHA512
c6c9f830e32c103f00eeb8fb96d05eb476905db6fec8f00a3cad4270913fd3cf0baed7822daac6f08e54b726e20e00e514c6557f1cf5fdc42740659661159337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe

Filesize
468KB

MD5
ba9d2063128af1794ef8b6dd517f9718

SHA1
0df22387ea31a0d736ccb471ce5cb305458aa36c

SHA256
19d3829fca4c96cb3e1c2ea5b4556be483a3b7ebc30f37431cefe4a249dff0c8

SHA512
83af107323ed747d0f1633e073fb7efdad318f536cd5cd9d005b4b43327ca113d9633f384c9a7e35ac2f9cc4a9314b3a6edb196225a8c163b2bb7d43667eaef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe

Filesize
468KB

MD5
e61221f49be1668d4e7d25d883e2818f

SHA1
3fc67afc5bcdbb6d7a902dd3a82876fa017b0632

SHA256
24954b2ef6786adde1e1edee2d95cb827cfbb83b6a7e9044e3b7bb7fb2d293be

SHA512
d7fd4fe2908d55585a3b38f6f1984ea02643918144fff4f01908acae91a306aeeee449ed6065b2940cdbc3dc64392a87cd3b18fffb0c6a6b9c129037aa57ae91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe

Filesize
468KB

MD5
3aec6fabc37a3cd0b4047125bdde8e0d

SHA1
f15935fdde5ea5b9615b73591831c36363a096df

SHA256
994006eb8a00cf94f83f99c0d0511e0b729a5b492fbaa7d8e6383dcbc62fd240

SHA512
7dca2ba65e44953d0309727dd3d1570995ac83af0c06bb854fb623ebaf032c4d869a1310cacb5c243c73eae10c426f3598ace09ecc77a72595a690d357c4966d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe

Filesize
468KB

MD5
82b4ce0cb7051a92e27b9ca25be15a2b

SHA1
5e561da86ecf85e439e3111c04384b741576167f

SHA256
a74bf6b431dec9203bb379706b79849de4c457b1b24174238cdc5f71f51421f2

SHA512
7fed49dcc2b9be6e490b20e9326f8c4b6e09a0ee00a222512d1c72f6bab879af069144a9a0dfaf71b8bef65567d65619532ed3a95c1c12316c326a55447876bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe

Filesize
468KB

MD5
091b6d3c60ae9d02e2b12e2e534ef3b8

SHA1
47e5180ba1de56924507a6f3b7a291f44724ffcf

SHA256
7a51178a2e0b30df84f520409cb07004796171422139f2996e47f03f6b8f6d7a

SHA512
ed662c5a5a8b583f9b1aff0de5cacddc023ecd1a7674122197ebe779a41ba4f5cf1573a1fa369eb8ec77538809b8a8e2c544d52aaf1aeed628cf86d4be0cb0b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe

Filesize
468KB

MD5
2440f8c49fa1230bb262a1d112dcf18b

SHA1
1aeaba445679bf66c0063a9295a8776f3447efc2

SHA256
9beb06b37590af0b5df5b9c66e6a66e1d09eb3d62a51e3c4735782462dca0426

SHA512
49613e28b373b548316c546ae1d2381d35d90f7fff78ad5d8155ef741a601a6c41fbac5170d67c01c69bc9cf5f7b0e5e875353503538f5471548989d53b6ac19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe

Filesize
468KB

MD5
adcce0791d0bfa5abeaae0b375355fff

SHA1
59e31a100bd8ceea6ff52feb6f584be0073a1584

SHA256
2e65ab8253553211e083a68ce40c1a41fae61ae74c2a7f9b678f8f78ed2377b8

SHA512
69de2690c56d095b069a5090f07f6924807538d4bcbb24208571ce7d0051ef9cc4bd791b1621c417b6ecb2f00d630b7c55a6a012df43c648de7aaa7d1ad92447

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe

Filesize
468KB

MD5
0be1135f8376ebf3ba0f0f199615c746

SHA1
cae25ce9fc698c594c1dc97de69150c90727fac5

SHA256
2c56971f92e744a9869965837b2c8de77cfb28f2f93a2aefbcdb237cc85f3f88

SHA512
c4f68a4bfccd4ac6db79a94308ecc7e7606d5421b3fc2f10d7a2e1b01a86a99160295efb203d39a74f41e0f5e40c9b5f582dab2576d52910d7a8eef87c8939c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47431.exe

Filesize
468KB

MD5
5202748fb03a0a774847a6517855c0cf

SHA1
84a6fdeb085c7fa83695e5c503f6f681b4493861

SHA256
2aaf1480e47a4160f2fd5e55132ebd41797f6f41bb4e0094f2c344d34ce60ef6

SHA512
b1ae8d0a2c481b68653bc1cda6f5fcba53da56218ad8cde02d477f339e581f23e4453cc18d2817f13801142d1b0812e63ddb4567e1f92d8eb63c538a361fdc41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe

Filesize
468KB

MD5
aa4c02ffc0227f2909f7262a34b03077

SHA1
b3ca5758b2dc7a5270a7bf0ee2b69c5a3477eb36

SHA256
23e65743d71533670d36bfc2773969fe17f619d24dfce507573a4294b9e23a65

SHA512
db30be0d2a2be63d06a5c6c4f9b88d72afc86547919835ecc950f83502a4ba874abd1be9ea732a9bb924994b09c893f4c0dca48de54838b444c82d8f2d6d24bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe

Filesize
468KB

MD5
f84167a874f7dec83ceb80c294b494b0

SHA1
b25ee939d40f73297d744ff0d42efe2015dff6ea

SHA256
7a86ef400927697ee3fa528e553f5c03888625fe685a47e67b7a7686418e5d1a

SHA512
ab2acac8ce8bea01953afbe9f475f9e62b96454cf10364b3a35d0f072dc23654187d746241c89c18f1c87b1d1bb18a939c9100048e614ff4af74f7f2eb51a3a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe

Filesize
468KB

MD5
64b64c73c75644e95494f612abafdbc7

SHA1
4b743ae29a275fc7c4a9b4aef3eedf9b5bb5239e

SHA256
a782d5084ba7adf5850c1fad4bfe6178974f7980e14a8ae57f37ebbfff83a0ec

SHA512
b5d80c3aef60a36ee29bb665073755021b0d7fc7d0a0f37344ebdf6e0db6c672b498eed3cee81ce25bb576a8a5bcedc02f2e796619193d5356aec965473c78a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe

Filesize
468KB

MD5
39d3b6efd2caf702194856d487bc09d9

SHA1
17f3a14cc8df5d4b14458e45bda48e2c1e9ce716

SHA256
71887e9d55a943845f99ec93c5a6e44503b9e1572f4307b60958e5badf5f5082

SHA512
320337bbc234272f5c2ff3cb51df173b9c5cd347dd4c64da154f8a73bdb6b9028bedf62e025a0755b1f50c13b7863295e3adf80a4d5c52624f618eb45bfc97e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe

Filesize
468KB

MD5
7e310232981e4eb43ee7ecadb82cec50

SHA1
b3f80dcc66762bb97f2ed7a17383f67c669226f9

SHA256
6a4d76e538946231316c32c1c31971abc46147738fe7df72b230cdd0e0043c3a

SHA512
16058f734f86df4c13d13621b120d6eaa7c3459994f1c54c9aa8f3733a3c92114006a2da1aba4ecb521c377a626ef0306e955934439e36c4967f88d24c8fa8d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe

Filesize
468KB

MD5
acd3a587212ab8408c3b1da9f1700102

SHA1
ce21a549016fce4199d8c5db91c3aa56b44d5498

SHA256
9b90045ebda943cc337321431efe3912494aceec276914bc7089ae05aa343c37

SHA512
0aff069bc22598c2fc202ab342f71c6de0bd697b79fc4b7f157f52bf59c2dbe18bd08fd4bec8a3b4eb45d0b0f6006cccb51a41e9e9711e4a10c58c5728787710

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe

Filesize
468KB

MD5
33b89a1c21030114c299b152897a6c74

SHA1
7fe9a73b8185d06752bc23c7f2334db8f2566ff2

SHA256
becf32ee26fddb6bc7da0aabbc63b8b717f3d9af7fc54fe2a6f5daef79abe676

SHA512
ffe78b383a654139c667d7f5c228beb291f9b86bac60a7ae5a9cf534f725c06aca10ca11ffe240b9827cf9614d219e4393f45cddf6df5fe328e56e95044a5bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7358.exe

Filesize
468KB

MD5
99d4b240a0d802a3be35494355fb9978

SHA1
0fa886ff93c8539014bc65f675ab7921d4aa592a

SHA256
5f6498ea2d6e568080ff4e36128cacdb3280cd440c26231379b069adb307df7c

SHA512
ef8c40dec94ac7e9f79c922741be27c6471e9091765c52533707a3119fa6be3d7b731fee0ab1078a06180ef8aece098584f36cd56949ff6c8eca5a05ab55c0a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7667.exe

Filesize
468KB

MD5
1a4bf60c8a9bc45ccc1bc7c334e37035

SHA1
f951fd227de1dc1bba868886a0ac0f939e44cba6

SHA256
03be31c49215367ae785b1d6ad216d1e5a412ccfb5d00f19d24b18482719b07c

SHA512
9618bcbcd7c0868ed9a7e5fb6f3e7091f16555b1068cde500fcaddfaa9959044670153028e59d7a756db5fb240b824f71de1252fce4f3968936c52e7c1901517

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe

Filesize
468KB

MD5
6b025d2138b99d671baa4c6c767bec20

SHA1
22b046b07823ded41b2ff7d8ecc145b8d6112ef4

SHA256
92f199b0ea003ff1817cdc37c53f21aab119f15b8c9f8317241ebf6c93d708ef

SHA512
9071cb46b3ef896695b7cc6b12951c2f557e9ada5625a5fda3c816fa146c53e1e745d7b150c41e01195c2e86275af8f4539a63630535daa2ecb9ead13987a208

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads