6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3

Analysis

max time kernel
120s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe
Size

468KB
MD5

596c61e956d282fd083449cf407ae1d0
SHA1

5dd0b5249907683f93390c92d60a0a7b202fe37d
SHA256

6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3
SHA512

6b8342cbfabdc55f3cb7e88994f1ffe30cb4af35d7ad21bf44e7d3d546576db2c30d9f465ff35d0a6bdd7cce874dab18002b27e4e28d8099d89f221633197949
SSDEEP

3072:7+mnogdhj28UWby9Pt3/8f8/oDhjycplPmHBNTd+A6L+YTO/XKlx:7+Wo2XUWkPF/8fkQsuA6KaO/X

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2904	Unicorn-47250.exe
640	Unicorn-59834.exe
1364	Unicorn-48137.exe
3012	Unicorn-52538.exe
3180	Unicorn-57369.exe
3632	Unicorn-11697.exe
5020	Unicorn-5567.exe
3032	Unicorn-14489.exe
4624	Unicorn-46202.exe
4908	Unicorn-45937.exe
4328	Unicorn-62730.exe
3488	Unicorn-56600.exe
3028	Unicorn-59201.exe
3016	Unicorn-13529.exe
2268	Unicorn-26144.exe
8	Unicorn-10296.exe
2712	Unicorn-30162.exe
5056	Unicorn-8537.exe
1060	Unicorn-21152.exe
1308	Unicorn-8345.exe
1852	Unicorn-14791.exe
116	Unicorn-56586.exe
3608	Unicorn-7385.exe
3620	Unicorn-23530.exe
4904	Unicorn-23530.exe
3520	Unicorn-31433.exe
2264	Unicorn-31698.exe
348	Unicorn-25567.exe
5084	Unicorn-50264.exe
1372	Unicorn-36528.exe
2828	Unicorn-39202.exe
1256	Unicorn-44033.exe
4276	Unicorn-57768.exe
5108	Unicorn-63898.exe
1800	Unicorn-32378.exe
2944	Unicorn-20680.exe
2820	Unicorn-42584.exe
876	Unicorn-24594.exe
3188	Unicorn-24594.exe
3132	Unicorn-47681.exe
2236	Unicorn-3855.exe
812	Unicorn-2393.exe
2092	Unicorn-34104.exe
3868	Unicorn-10369.exe
3192	Unicorn-58610.exe
1624	Unicorn-55081.exe
548	Unicorn-287.exe
4420	Unicorn-19999.exe
1684	Unicorn-58994.exe
3976	Unicorn-25938.exe
2728	Unicorn-50634.exe
4112	Unicorn-58802.exe
4932	Unicorn-58802.exe
880	Unicorn-19882.exe
1688	Unicorn-32880.exe
1196	Unicorn-52481.exe
4080	Unicorn-55273.exe
3648	Unicorn-16352.exe
4048	Unicorn-32880.exe
4916	Unicorn-52481.exe
3904	Unicorn-25658.exe
3112	Unicorn-30488.exe
4156	Unicorn-50354.exe
2400	Unicorn-8361.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
9900	7212	WerFault.exe	307
10724	5640	WerFault.exe	274
15584	12516	WerFault.exe	738
15904	14068	WerFault.exe	661
15244	15904	WerFault.exe	757

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59141.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1172	dwm.exe
Token: SeChangeNotifyPrivilege	1172	dwm.exe
Token: 33	1172	dwm.exe
Token: SeIncBasePriorityPrivilege	1172	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe
2904	Unicorn-47250.exe
640	Unicorn-59834.exe
1364	Unicorn-48137.exe
3012	Unicorn-52538.exe
5020	Unicorn-5567.exe
3180	Unicorn-57369.exe
3632	Unicorn-11697.exe
3032	Unicorn-14489.exe
4624	Unicorn-46202.exe
4908	Unicorn-45937.exe
3488	Unicorn-56600.exe
4328	Unicorn-62730.exe
3016	Unicorn-13529.exe
3028	Unicorn-59201.exe
2268	Unicorn-26144.exe
8	Unicorn-10296.exe
2712	Unicorn-30162.exe
5056	Unicorn-8537.exe
1060	Unicorn-21152.exe
1308	Unicorn-8345.exe
1852	Unicorn-14791.exe
3520	Unicorn-31433.exe
5084	Unicorn-50264.exe
4904	Unicorn-23530.exe
348	Unicorn-25567.exe
3608	Unicorn-7385.exe
116	Unicorn-56586.exe
3620	Unicorn-23530.exe
2264	Unicorn-31698.exe
2828	Unicorn-39202.exe
5108	Unicorn-63898.exe
1256	Unicorn-44033.exe
4276	Unicorn-57768.exe
2944	Unicorn-20680.exe
1800	Unicorn-32378.exe
2820	Unicorn-42584.exe
876	Unicorn-24594.exe
3188	Unicorn-24594.exe
3132	Unicorn-47681.exe
2236	Unicorn-3855.exe
812	Unicorn-2393.exe
2092	Unicorn-34104.exe
3868	Unicorn-10369.exe
3192	Unicorn-58610.exe
4420	Unicorn-19999.exe
1624	Unicorn-55081.exe
2884	Unicorn-41890.exe
548	Unicorn-287.exe
1684	Unicorn-58994.exe
4112	Unicorn-58802.exe
4932	Unicorn-58802.exe
880	Unicorn-19882.exe
4916	Unicorn-52481.exe
4048	Unicorn-32880.exe
1688	Unicorn-32880.exe
1196	Unicorn-52481.exe
2728	Unicorn-50634.exe
3976	Unicorn-25938.exe
4080	Unicorn-55273.exe
3648	Unicorn-16352.exe
3904	Unicorn-25658.exe
2400	Unicorn-8361.exe
2340	Unicorn-8361.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2904	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	86
PID 2840 wrote to memory of 2904	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	86
PID 2840 wrote to memory of 2904	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	86
PID 2904 wrote to memory of 640	2904	Unicorn-47250.exe	87
PID 2904 wrote to memory of 640	2904	Unicorn-47250.exe	87
PID 2904 wrote to memory of 640	2904	Unicorn-47250.exe	87
PID 2840 wrote to memory of 1364	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	88
PID 2840 wrote to memory of 1364	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	88
PID 2840 wrote to memory of 1364	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	88
PID 1364 wrote to memory of 3012	1364	Unicorn-48137.exe	89
PID 1364 wrote to memory of 3012	1364	Unicorn-48137.exe	89
PID 1364 wrote to memory of 3012	1364	Unicorn-48137.exe	89
PID 2904 wrote to memory of 3180	2904	Unicorn-47250.exe	90
PID 2904 wrote to memory of 3180	2904	Unicorn-47250.exe	90
PID 2904 wrote to memory of 3180	2904	Unicorn-47250.exe	90
PID 640 wrote to memory of 3632	640	Unicorn-59834.exe	91
PID 640 wrote to memory of 3632	640	Unicorn-59834.exe	91
PID 640 wrote to memory of 3632	640	Unicorn-59834.exe	91
PID 2840 wrote to memory of 5020	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	92
PID 2840 wrote to memory of 5020	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	92
PID 2840 wrote to memory of 5020	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	92
PID 5020 wrote to memory of 3032	5020	Unicorn-5567.exe	93
PID 5020 wrote to memory of 3032	5020	Unicorn-5567.exe	93
PID 5020 wrote to memory of 3032	5020	Unicorn-5567.exe	93
PID 3180 wrote to memory of 4624	3180	Unicorn-57369.exe	94
PID 3180 wrote to memory of 4624	3180	Unicorn-57369.exe	94
PID 3180 wrote to memory of 4624	3180	Unicorn-57369.exe	94
PID 2840 wrote to memory of 4908	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	95
PID 2840 wrote to memory of 4908	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	95
PID 2840 wrote to memory of 4908	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	95
PID 2904 wrote to memory of 3488	2904	Unicorn-47250.exe	96
PID 2904 wrote to memory of 3488	2904	Unicorn-47250.exe	96
PID 2904 wrote to memory of 3488	2904	Unicorn-47250.exe	96
PID 3632 wrote to memory of 4328	3632	Unicorn-11697.exe	97
PID 3632 wrote to memory of 4328	3632	Unicorn-11697.exe	97
PID 3632 wrote to memory of 4328	3632	Unicorn-11697.exe	97
PID 640 wrote to memory of 3028	640	Unicorn-59834.exe	98
PID 640 wrote to memory of 3028	640	Unicorn-59834.exe	98
PID 640 wrote to memory of 3028	640	Unicorn-59834.exe	98
PID 3012 wrote to memory of 3016	3012	Unicorn-52538.exe	99
PID 3012 wrote to memory of 3016	3012	Unicorn-52538.exe	99
PID 3012 wrote to memory of 3016	3012	Unicorn-52538.exe	99
PID 1364 wrote to memory of 2268	1364	Unicorn-48137.exe	100
PID 1364 wrote to memory of 2268	1364	Unicorn-48137.exe	100
PID 1364 wrote to memory of 2268	1364	Unicorn-48137.exe	100
PID 5020 wrote to memory of 8	5020	Unicorn-5567.exe	101
PID 5020 wrote to memory of 8	5020	Unicorn-5567.exe	101
PID 5020 wrote to memory of 8	5020	Unicorn-5567.exe	101
PID 3032 wrote to memory of 2712	3032	Unicorn-14489.exe	102
PID 3032 wrote to memory of 2712	3032	Unicorn-14489.exe	102
PID 3032 wrote to memory of 2712	3032	Unicorn-14489.exe	102
PID 4624 wrote to memory of 5056	4624	Unicorn-46202.exe	103
PID 4624 wrote to memory of 5056	4624	Unicorn-46202.exe	103
PID 4624 wrote to memory of 5056	4624	Unicorn-46202.exe	103
PID 3180 wrote to memory of 1060	3180	Unicorn-57369.exe	104
PID 3180 wrote to memory of 1060	3180	Unicorn-57369.exe	104
PID 3180 wrote to memory of 1060	3180	Unicorn-57369.exe	104
PID 4908 wrote to memory of 1308	4908	Unicorn-45937.exe	105
PID 4908 wrote to memory of 1308	4908	Unicorn-45937.exe	105
PID 4908 wrote to memory of 1308	4908	Unicorn-45937.exe	105
PID 2840 wrote to memory of 1852	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	106
PID 2840 wrote to memory of 1852	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	106
PID 2840 wrote to memory of 1852	2840	6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe	106
PID 2268 wrote to memory of 116	2268	Unicorn-26144.exe	107

C:\Users\Admin\AppData\Local\Temp\6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe
"C:\Users\Admin\AppData\Local\Temp\6997ce96e1b92203f1798e216db2199370fb6953fb95fcaa1f7fa602b55808b3N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31698.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29882.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
        10⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        10⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        9⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        9⤵
        
        PID:17624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
        8⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        9⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        9⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        9⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
        9⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24751.exe
        8⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        8⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        9⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        9⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        9⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42188.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        8⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        9⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        9⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        8⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        8⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
        8⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        8⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        8⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        7⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34750.exe
        7⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        7⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        9⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        9⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        7⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        8⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        8⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46187.exe
        7⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        7⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        7⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
        7⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        6⤵
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        5⤵
        Executes dropped EXE
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20178.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        8⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        9⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        9⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        9⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
        9⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        8⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23602.exe
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        8⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        8⤵
        
        PID:16396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        6⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        9⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        9⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        8⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        8⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        7⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        6⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        8⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        8⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        7⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
        7⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        7⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        7⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        7⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        6⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        6⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        5⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        7⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        7⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        6⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
        5⤵
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
        5⤵
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        7⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        8⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
        7⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25776.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        7⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
        6⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        6⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        6⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        8⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        7⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-163.exe
        7⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        7⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe
        6⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        6⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        7⤵
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        5⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        5⤵
        
        PID:17852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        8⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        8⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12516 -s 80
        9⤵
        Program crash
        
        PID:15584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        8⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        7⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        7⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        7⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        6⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        7⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        6⤵
        
        PID:16476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        6⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        5⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
        6⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        5⤵
        
        PID:17384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38546.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19494.exe
        8⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
        8⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        7⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        6⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
        6⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
        6⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        5⤵
        
        PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        7⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        7⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4770.exe
        5⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        5⤵
        
        PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        5⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        5⤵
        
        PID:18008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
      4⤵
      PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64494.exe
      4⤵
      PID:228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe
        9⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        9⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        9⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        8⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        8⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        8⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        7⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        7⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        7⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        6⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        6⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        8⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        8⤵
        
        PID:16548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        7⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        7⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26066.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        8⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
        7⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        6⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        7⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        6⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        6⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        5⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        6⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        8⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        8⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe
        8⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        8⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3616.exe
        7⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
        7⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        7⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        7⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        7⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        7⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56241.exe
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe
        5⤵
        
        PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        5⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        7⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37091.exe
        7⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        6⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        7⤵
        
        PID:17592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        6⤵
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64889.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
        8⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        8⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
        7⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        6⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 632
        7⤵
        Program crash
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        6⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        6⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        6⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        5⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        5⤵
        
        PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        7⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        7⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10061.exe
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        6⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        6⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        5⤵
        
        PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
      4⤵
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        5⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
        5⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        5⤵
        
        PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
      4⤵
      PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        5⤵
        
        PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
      4⤵
      PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
      4⤵
      PID:4312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
        8⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        8⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        6⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50281.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        6⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
        6⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        5⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        5⤵
        
        PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
        5⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        7⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
        7⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        6⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        5⤵
        
        PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        5⤵
        
        PID:16920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
      4⤵
      PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
      4⤵
      PID:11772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
      4⤵
      PID:17280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        5⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        7⤵
        
        PID:16608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        6⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        6⤵
        
        PID:18420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        5⤵
        
        PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe
      4⤵
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        6⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41590.exe
        6⤵
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        6⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        5⤵
        
        PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
      4⤵
      PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
      4⤵
      PID:17392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
      4⤵
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
        5⤵
        
        PID:17352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
      4⤵
      PID:5640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 632
        5⤵
        Program crash
        
        PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
      4⤵
      PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26397.exe
      4⤵
      PID:10404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4800.exe
    3⤵
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
      4⤵
      PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
    3⤵
    PID:7628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
    3⤵
    PID:11780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
    3⤵
    PID:16960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        8⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        8⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        7⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        7⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe
        6⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        8⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-163.exe
        8⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        8⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21594.exe
        7⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        7⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        7⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        6⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        8⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        8⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        7⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        7⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
        6⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        6⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        6⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        5⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41590.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        7⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        6⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7979.exe
        6⤵
        
        PID:15848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
        6⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
        5⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38419.exe
        5⤵
        
        PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        5⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        8⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
        8⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        8⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34901.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        7⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
        7⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        6⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        6⤵
        
        PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37091.exe
        6⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6391.exe
        5⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        5⤵
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
      4⤵
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        6⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        7⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe
        7⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64057.exe
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        5⤵
        
        PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        6⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        5⤵
        
        PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
      4⤵
      PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        5⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        5⤵
        
        PID:11736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
      4⤵
      PID:13828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
      4⤵
      PID:6296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        6⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        8⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        8⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        8⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35992.exe
        7⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        7⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        7⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        7⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        7⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
        5⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
        6⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        6⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28095.exe
      4⤵
      PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58858.exe
        5⤵
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        5⤵
        
        PID:10156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
      4⤵
      PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
      4⤵
      PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
        5⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
        7⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        7⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
        7⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        6⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19360.exe
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        6⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        6⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
        5⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        5⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        5⤵
        
        PID:16836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
      4⤵
      PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27136.exe
      4⤵
      PID:12348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
      4⤵
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        6⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37709.exe
        7⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
        7⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        5⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
      4⤵
      PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        5⤵
        
        PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
      4⤵
      PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
      4⤵
      PID:16088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
    3⤵
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        6⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52270.exe
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
      4⤵
      PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
      4⤵
      PID:16400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
    3⤵
    PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
      4⤵
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
      4⤵
      PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
      4⤵
      PID:11908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
    3⤵
    PID:10940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
    3⤵
    PID:12772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
    3⤵
    PID:16044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25658.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34986.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        9⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        8⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        8⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        8⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        8⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe
        7⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        7⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        7⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        6⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60202.exe
        8⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        8⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        7⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
        7⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37929.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
        5⤵
        Executes dropped EXE
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19728.exe
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        7⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39449.exe
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        6⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61080.exe
        7⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        6⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27555.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        8⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        8⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4694.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
        7⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        7⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7811.exe
        7⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        7⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        7⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe
        6⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        6⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        6⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        5⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        6⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
        5⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47542.exe
        5⤵
        
        PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
      4⤵
      PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
        6⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        5⤵
        
        PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
      4⤵
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        5⤵
        
        PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
      4⤵
      PID:8504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
      4⤵
      PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
      4⤵
      PID:17748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:8
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        5⤵
        Executes dropped EXE
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61250.exe
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        7⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
        6⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27854.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
        7⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        6⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        5⤵
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
      4⤵
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        7⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        7⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57043.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        6⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        6⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17634.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        6⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
        5⤵
        
        PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
      4⤵
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        5⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        6⤵
        
        PID:11520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
      4⤵
      PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
      4⤵
      PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
      4⤵
      PID:14236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19728.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        5⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
        5⤵
        
        PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63148.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        5⤵
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
      4⤵
      PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
      4⤵
      PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
      4⤵
      PID:1004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
    3⤵
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        5⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        5⤵
        
        PID:16872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
      4⤵
      PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        5⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
      4⤵
      PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
    3⤵
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
      4⤵
      PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
        5⤵
        
        PID:14068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14068 -s 464
        6⤵
        Program crash
        
        PID:15904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15904 -s 616
        7⤵
        Program crash
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
      4⤵
      PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
      4⤵
      PID:10496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
    3⤵
    PID:1096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
    3⤵
    PID:14192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
    3⤵
    PID:6308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        5⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        7⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25520.exe
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        7⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        6⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        6⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        7⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29421.exe
        7⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        6⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        6⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        5⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
        5⤵
        
        PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
      4⤵
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        6⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        5⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50184.exe
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
        6⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        6⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        5⤵
        
        PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
      4⤵
      PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
      4⤵
      PID:13472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
      4⤵
      PID:5780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
      4⤵
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17322.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        7⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        7⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        7⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19288.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        6⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        6⤵
        
        PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        5⤵
        
        PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
      4⤵
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
        5⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26894.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10810.exe
        6⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        5⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
        5⤵
        
        PID:17736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27136.exe
      4⤵
      PID:12376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
    3⤵
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
        6⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
      4⤵
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
      4⤵
      PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27579.exe
      4⤵
      PID:8924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
    3⤵
    PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
      4⤵
      PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
      4⤵
      PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48404.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
    3⤵
    PID:9600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
    3⤵
    PID:14868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
    3⤵
    PID:1820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14791.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17218.exe
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        7⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
        7⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        6⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        6⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18311.exe
        5⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        5⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
        5⤵
        
        PID:10696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        5⤵
        
        PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
      4⤵
      PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        5⤵
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
      4⤵
      PID:17340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47593.exe
    3⤵
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        5⤵
        
        PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        5⤵
        
        PID:16440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25520.exe
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
      4⤵
      PID:7372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
      4⤵
      PID:7956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
      4⤵
      PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
    3⤵
    PID:9360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
    3⤵
    PID:14884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
    3⤵
    PID:5528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe
    3⤵
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
      4⤵
      PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
      4⤵
      PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
      4⤵
      PID:17008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
    3⤵
    PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
      4⤵
      PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
      4⤵
      PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
      4⤵
      PID:6940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
    3⤵
    PID:10308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
    3⤵
    PID:15252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
    3⤵
    PID:1924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
  2⤵
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
    3⤵
    PID:7520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
      4⤵
      PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
      4⤵
      PID:16076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
    3⤵
    PID:12160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
    3⤵
    PID:456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46487.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46487.exe
  2⤵
  PID:7552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
  2⤵
  PID:11856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
  2⤵
  PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7212 -ip 7212
1⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5640 -ip 5640
1⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 14068 -ip 14068
1⤵
PID:15592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 15904 -ip 15904
1⤵
PID:14664

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe

Filesize
468KB

MD5
2658d5bfdcc5fec1dc4507f0a130d01e

SHA1
9bd321ce9a39e94e83b6261a70504fa675796efc

SHA256
b34ff82553978b32678dd1d86ee44a4219525ca0a61a5a71d5393b8058602f8e

SHA512
f215f9030a10779c2613bd25a7d5d04141543b0a2e6befa37145772c383ad0b1a7c89b3c20473bf59270938ef42002cdf583fb643599721a9f72bc84947a3b0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe

Filesize
468KB

MD5
0e670da103c346da1497cebb0ca7f65a

SHA1
48d4b3a7d30e38260575074222ae712b528df9ce

SHA256
d739832847bb9531fee5f9ac4549bd4c2803a45b6e358aa6bef46f47a3c312da

SHA512
0f80174cc63e93e193e4dd62143740c4df1d9309b74d10e458324f03a522ed74742140d9e02d5b4a8b7047be905608e80f00f80e420eefed85f8fd7f6fdf6dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe

Filesize
468KB

MD5
a66d16e9c6928e41b6d48b3a0028e4d9

SHA1
5fdb89dcefe174a0f3def4e4807f7543094b6d3b

SHA256
c28c10896cb8c0657367628932cadbc2eb2eeec4a88b4a3924a5bdf5bed8ee70

SHA512
bca500d903956ae31c1554cf94e8acfa72a9309216a62c2d607d275e77fccd54a251cf2c344bd67ca1c2ef736e7d9f6425b97653508597de0e1fbd8205d0923f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe

Filesize
468KB

MD5
b0992fe3f09051c860342ba321acf79a

SHA1
233252950bce3632fb2a7cf116143c0b2737f18b

SHA256
44d9ab64347e4c9cb96afcf975bbcf96e39d3adb5f1462ee684d727f55e2e632

SHA512
b9fd743cdc7fc11b0d9b114c79aad4066e77268ebabfc4c06e6d1c1ac3c81254fd52d0d1a84318dea3508c707a180f14036b17c987ac1f5a8c510ce03ac40968

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14791.exe

Filesize
468KB

MD5
bd6dd12dbe343ae4270ac8b63b59db14

SHA1
36efa1fcd20cd7ad04d6db75019e0ef541b80e5c

SHA256
cd09a1be8ae0f8d0952a13c351738cd11a775ae18cfce76ef809850c9fd09eda

SHA512
86ec4afd4b5852ea620d92eb9a6cd72bb61d9fec0464b6262f8d4327ebb7202b558fe1750972096eb0860dfe99e326e616ce6d6bc76c4d8ac8af493980bcec67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe

Filesize
468KB

MD5
4e933e4fb51cab9ca8cffd7cc985b080

SHA1
386af799cf7bdeff11985d4d6194bd2cfa734ffe

SHA256
1afa79a3e980adfbb94d0722e1226e7f353ca73b1d6499dfa2680e3a3a79e6b9

SHA512
e28bab0bd80a425ed7b67f8a25c6322e6ae6d4125cf3f75cca3cebb3eaabc22e94441fc60f5875619a0524c9ab4be57f7a212ad4203ade918e4ac190705f0e33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe

Filesize
468KB

MD5
7524c9679b790db638ab3f7e8e30922b

SHA1
d19421f886b5bf395b75d1d3433c7d871b129822

SHA256
314948f05f56cf1f7da69fd8ac8e1d2c362e8534900fd28bbd298d1967aa169f

SHA512
2842a1bd7e2476aeb9a17d82dc2b57ba48d5b849400d495cc5aace9e38a2d63bf8bc2bc3e07231f1004ddccfafa64abf20cda62bbe9f89685400c7caafae57b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe

Filesize
468KB

MD5
3ef6f15e4476a6f24d9a3297e4f9f574

SHA1
fbd2a8aeebc2e9f2e43e78d4bd8ddebb3ba615b9

SHA256
01b418c4d2917626d7a0d32036912511ee0c9f88a146eb03938993a64f3ea5a8

SHA512
32795b5b68bee8de634162500c6b7abaa2616fedeb43404b67ab2f7377625a080a90b3f9a4c0c9897018fb04ae36f60439679dbb83e4db1a62c62cd78e147e8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe

Filesize
468KB

MD5
e739b108c1d720284f2537382bf34805

SHA1
8f266b44bd8448bab65fc1fe58304c46ab600548

SHA256
fe1410cb8ece1c6ae4c9da516d30131ddf2915be7526644bd786cae7c08225c9

SHA512
a219fcede83190ab7bd3bf4672927751e7d9d1e636bb8c0bec2539e16d12d1464d8780801f05f12a51b06626f9e4d1cf029ea5b60c24d289dfa708dc40aeddb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe

Filesize
468KB

MD5
782ab745b1a1f4191651af035e2bc60b

SHA1
dcf73ad4a57da5659e8f7299dbf7bb2d26a1ea8d

SHA256
4a14072df0e5f27d57df00665e8cff87e72bfb2588230a39b989443ec55ce5cd

SHA512
dc79fa4e25cb368254656f63b3c53cc4184d8b83fdad95502879c7bd32eaf2774fd19eeba4d6d481ae165d545b4cda0486ec5e5d8ee45e1c451de4786d770de9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe

Filesize
468KB

MD5
7c72edfa0a65326cad81963b1294e5c9

SHA1
f7d1ccbb93080c3d5a7472380197bff139be2400

SHA256
517e4374307d0f11551b1297995af8ae896d1056a1ba5cb008608dcb764594f3

SHA512
cd782bd1125c30156eb3efd36d6fa9d0f127113b9febcb6a19f563fd6674ba813d4b072f4ba45447650f274778941b19a59200b44145d50dea33d8638100a581

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31698.exe

Filesize
468KB

MD5
caf8f3d813800ff0857a1ca0dc3d399f

SHA1
c53efb11703677766cf2da0bf8ae317f55b98d0b

SHA256
c588edc366042eb7b1b6aa4efb71e78b5a598e22ca1c6c457a4e8857e19841f5

SHA512
72013445eb349b72d935fedcca4996450c34878ddaed16e013cd13396af34c3b65289346193c98936c336f9f856a14590cb717849801f9066a2978213d013726

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe

Filesize
468KB

MD5
7c38e29abd0cc5a65326746b198bcc56

SHA1
b13607b4efeaeaa5de409153e5bed566bdd83861

SHA256
5b6498993ba4daf5a1255d72a3ab1701f59498fbe55cdb8ab171d03d0d6d05b9

SHA512
2c6b08df793ec45d992e259e4516a9db9407fea38d02d24354b7dc8c1e29786720435566bae7272a51caa4f4706d1b60de7ce080abe82bc9eff6b0c7faef1cfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe

Filesize
468KB

MD5
55655f1f9fe8ccfdb9f88e29494854eb

SHA1
43d430ec217ee680496f9ce84acce9c8da909ccc

SHA256
3779630643bc2be459dcfa5f7bc1a3dc6005ac8cd8b32c5c4ce9258eaefd61f0

SHA512
1b8cb032b0b27add1e95f0bc3bf9025b85de5aa48cb81b00b4e126c16b021f3b472275dd59bc1a0e76aa16c94a13ba8be29eba29fa03fa9efe8a80cd1ddaff9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe

Filesize
468KB

MD5
2004f4047da1a3b44ae8bd24ebf19513

SHA1
623e8d8e218a63a8e8b4a481c0b5151903edc062

SHA256
cf93fc9137d54923a619c743a31842e40fbfc49a726c3c1b97462bc51f127429

SHA512
94f37ce7fe7684d2ce1320efcf53a49c4d0d60c9638ae9c9a3aa7d2bdcad711fb714dea1aaa0f0af0392df29cdc3dceddb43968bcc4e4f25efc6f5932cce6dd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe

Filesize
468KB

MD5
c1eb4507630cd9a3a1a2affb3c566f7f

SHA1
2872585c6307f795e75442a3d156f09d2b9722ce

SHA256
9f16c41450f0937d2ed77120a89595c016f26b7ec390c6cb7b5ec1179c560b08

SHA512
3ea38da0838e724ada5dbdbf23c52f5628beafb7334ecfd3250b642b6bd6fdecf3099a32cf5ad714d8bf533efda3238d04df5d747aed04e65744ea82ad1648d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe

Filesize
468KB

MD5
927784f8377bbc50735e730d7eca3516

SHA1
6dec5eb883e6df8d71378dab6f477eb974ac8de9

SHA256
eefac67cccadf0bf63b60ccb04aead0b737942fe805a78f87a9ed034777bf854

SHA512
5ba90b40c93df0ecf7199420e75456a14b962534ea714c7e6faa711327341a6a3bcd1640a9231e3efb450d5a440e61ab99674d66a25dc243856afbf6e40ab7fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe

Filesize
468KB

MD5
23daa47e742d994fbcc47f317e51ae1e

SHA1
e23df928bbe3575334ce29cf38e7df9a25cfe588

SHA256
0d816e668e5c78553bf518d2658e88cd460e9a4fbf780bc0285ab08a7753431e

SHA512
c738a619738280d2192787eb98b80e291549d6590b49cfad72e0596a149878f85f94d0e5c080891ea8a43158160e50ed4531a7f471747f811be449d1bcd30050

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe

Filesize
468KB

MD5
1c8863a23c3276e96a28384425cbd226

SHA1
f1634518b2f1a539bd90121b4beedc97bb4f7cc9

SHA256
dbe92c57023cf39fa9536237ee6715f607b816713ffb6280cff0284d086df3b3

SHA512
d8d91ea30de1d66fcb621649e155f71cc057b9655ebd42461127726e49a62d29c0cb09cf938e27b705d8dc0bb6b7d134d46081530feffc61d89cdf5c100c21ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe

Filesize
468KB

MD5
599b406504ebb399072694b78827edd8

SHA1
8a9462057ba7480c719982d5ec5d57b495e9facd

SHA256
685d68b4f79e397c757df1a02a4ed8d46ca2a7c379753638b5a3c59060999116

SHA512
3b923740361265a6eee752d78d899ca8b171116b2477c566f43cf157441c901d7ace52edeef3f8ece3f88b5949324522c32fc5879e82ec76d61d0a68c4da07f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe

Filesize
468KB

MD5
29c825273765a76993a867b69bbfbfe3

SHA1
ef682a4883ca55e94a65a18e3ecebdb7b617e91b

SHA256
29a027cb7585ab704b9e52b5936787975d1cc3b24dae626f2e2dd2ee258b9f35

SHA512
677d930c4a284547fac3deb1d9d790fed6c6f0cca518a31a7cebf89172b283259dac4ff8b39e01a15d951ce29038dca0452eca003472215e7b4585fa0331fb7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe

Filesize
468KB

MD5
d27a32bef744ec84d00aff43b43e405a

SHA1
8ece5c1fa260eec59fe28537976364646b69432b

SHA256
4d6ea6e7513097ac58eda1487a924e1cfe2aa610ebf941e01f47878e1bbc4a5b

SHA512
c1dea824b6fef7001ee340e7f3b6655ce8366c96249bcf5f91277c88e5f5e971c06b025fb1f27519abec3858ab82f3ca8e0857101194e8038f7c4f38d4dce43b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe

Filesize
468KB

MD5
0ebd126780afc38d581517112bb1c0c6

SHA1
1119e5370e16673d5fc8ffad961bc8a4ce4a8c5b

SHA256
c72366237528bd0f57d0faca2ff72f0cb2cbe73b70ccd56c0c637365dd57c1a7

SHA512
0c9dae2971498e812ed08afd9dea22fb90ebb803c2aa1b20fdb7d74130feada6890db43972d353803cad7582c5d9c1b3aedfe227291ad4b243820e66e6b78b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe

Filesize
468KB

MD5
70d536ff1b1a9833b273007b4ba9a6b4

SHA1
2c86a8435e3dd0ff93c36d5b2f8b815d3547033e

SHA256
d9e413d708f7aa301c7886ea2dea6cc1e22eaa32eef618e0c3a693b496741e58

SHA512
1514dad720dd94b91321aa36d030b49b6f9c0a2e587a01def2b8a7ecf61ca7796af54ef288cbac646be3b10fa9c54c4e349373943d525d32e17ecc3d9db368e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe

Filesize
468KB

MD5
c18a70d3da0ff3136ecdf3a4bc14986d

SHA1
91a57106240beab32dc9b7d1dda563dbee592e60

SHA256
09ecd777a8d6f99d914ded2176e14f4a645daa6c1386fdd9d1b650f02e24165d

SHA512
90711879dcc3ac2f1c10d1aa88b7d0d4d9f3da48b7d05d8bf699c8770bd1c68e91b5aa5451f0852917571229aa3b8542f13764e20e30d9f8c40f178e34f7c059

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe

Filesize
468KB

MD5
afaf8d6b909aa2aea74ab22cefd32c50

SHA1
d1cc1cfab60cdaa8c46dd0af6e04d08841f4d5c9

SHA256
cba0cd577bde18546da5276cbc3decd4d366be7ba5bca13958c8cd79d784cc8e

SHA512
4c75a9dd6b8e7d485f0e74bd90d232b016e9160fa9f4d342e05bb529e953b3913ee9ecda1e3400c873c97b1fb37af98f9172b6fee3f9bd7e299f0107aa12b19a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe

Filesize
468KB

MD5
7446ba08eb357e911643e8cc914b3991

SHA1
4c6f19cb8f3c52a19c84415037870c3eaa55000d

SHA256
69db011313c1bafff30d1bc93d8d3a47e07f2993274e324210929a9ee589f635

SHA512
b101c4c184413cc28bbeb2b89e5d9572c6c564c14557ca2f9f6caac9f992f0bab60d11f4d2b7708c39f286b0a955ad4e5b374230a10f35561e983e8f1811c58e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe

Filesize
468KB

MD5
fdee0761a26098d6adc9b633df5c42d8

SHA1
296adea59348d452354a2bd28e9c9b2e1fbb4d66

SHA256
7293c7997f951c0feff2061387a1501928bcc107fe93386239eef64dfe4018ce

SHA512
df5c8dd843bd21b953bd1d8047cf58877450a55486a6aa014da7e2ecab758f1b6bc81c3f5b7b19576bbaef7778189a7e52484f234c2c4d9db8026e7b8e5d7816

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe

Filesize
468KB

MD5
c714583742f41e883ece939dc0225cb5

SHA1
4ffa2fde541731e1691c3c70aa63a8ef78eeb471

SHA256
13b3e6134a78a60933ed4332d1b1fa6d5c27082de3fbee75a115c1ec5e266cef

SHA512
bb138bf713e53818a138c0a16cc618eebf563b7d0ab8bcfc5ddef5d4cfd80c11f585b35ebe17bce35eb389fa0e8639daa82c8d8a98e1e80fdc9895d587ef0b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe

Filesize
468KB

MD5
4b7e77ce1c43132f16762100fef47c4b

SHA1
68b5aeb6c51d538f1d65a308de1c81c68abb943d

SHA256
64458af54751a28cda1468ae29017ca1fe0746a37924fcf0d4793f2279ee1e22

SHA512
b5593753ca92879b4d9e62c9d4eff362973bbb60a8f052a03fef898a340e3248b43430306645d6cfb18782817f85b49d7827659754e7c938c07bed22772f4d0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe

Filesize
468KB

MD5
7f743e2887a6f9598b49a188ec85a6cd

SHA1
e7a339edeb1fea0073f37180cbe79f1b3611819f

SHA256
6d473f7824e3090d57b04fb0fb55b5eee283ebd8804195423e562242970a5f0f

SHA512
dcc6764be88284d19ecbb109d2e22dc1bbeec61183d4eb152d3f8ef77fbfd7e29239fe12d34f5669c1fc51b81c8726d42113bc0700ed5d4a2ab691fca48f59fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe

Filesize
468KB

MD5
3d65feac770bad64a2773b66511cac6f

SHA1
09f740118d7a7ac607d7abe75f4254f9a6c047cf

SHA256
53fd5bc995f56e35f01e77e8488a01efb93e6701955b2fd503b8b8c25b81ca36

SHA512
3d2a2ba4f573526caa0e7f5bbc79067d0ab16c2b713c42e7a09dc1e47cb9bb76b2899b2650d14c1b0a28416dde59e12b3c02aecc507bf82cc8394e1d1492a18a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe

Filesize
468KB

MD5
52050d0d89386f5e5fc4bc3b1a2e9173

SHA1
322243b2b666d4663f3787ae3bdaebc1bbbad870

SHA256
e172189ee068958570ce8e72545d904bde1b3d08b5d4c99f070807f3d79ef67d

SHA512
f693e8e2095296d7f13139d59a6c663b4c606f85269eb2edc10a6d2ca958195743147e993790f5f62336c21454d2b9d17ed98633b31f94a7e9009342e97fd812

Download Submit
memory/8-116-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/116-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/348-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/548-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/640-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/812-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/876-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/880-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/940-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1060-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1072-556-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1196-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1256-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1308-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1364-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1372-641-0x0000000002ED0000-0x0000000002FAB000-memory.dmp

Filesize
876KB

Download
memory/1372-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1416-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1444-478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1452-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1624-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1628-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1684-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1800-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1852-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1992-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2008-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2092-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2108-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2284-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2300-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2400-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2508-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2712-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2728-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2740-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2828-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2884-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2944-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3028-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3032-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3064-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3112-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3132-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3180-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3192-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3292-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3340-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3488-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3520-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3608-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3620-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3632-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3648-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3720-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3808-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3868-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3904-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3932-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3952-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3976-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4084-454-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4112-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4156-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4208-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4276-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4328-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4544-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4568-430-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4588-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4592-493-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4624-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4636-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4808-548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4908-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4916-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4928-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4932-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4964-541-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4984-557-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5020-48-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5108-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads