e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3bab

Analysis

max time kernel
120s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe
Size

468KB
MD5

c371a5e1d14c01250d37c73102211790
SHA1

0748fb591788ee2bbb4bc6f2db99daf1b1a64749
SHA256

e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3bab
SHA512

d43a5cc7eecdb8110ddc4d41f80d8355acaece4588e8c4afbf33c8982d7737b39d94e1dcbdf9872f543a7bbcbfea3433b883f1e95bab04abdf33e043723f3af3
SSDEEP

3072:4belogxaId57tbYZPzcfmbfD/n2DnwIH/QmyeQVqAunKkkifuxulZ:4b4oCb7tCP4fmbfva1wunD7fux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2304	Unicorn-60714.exe
2592	Unicorn-52281.exe
4788	Unicorn-6609.exe
1928	Unicorn-65042.exe
5060	Unicorn-30568.exe
4532	Unicorn-44304.exe
704	Unicorn-14720.exe
4968	Unicorn-51498.exe
2864	Unicorn-59666.exe
2632	Unicorn-22120.exe
2328	Unicorn-2991.exe
4856	Unicorn-8856.exe
2084	Unicorn-35266.exe
676	Unicorn-12799.exe
5068	Unicorn-32120.exe
3764	Unicorn-61114.exe
1840	Unicorn-33080.exe
4732	Unicorn-52946.exe
1724	Unicorn-61041.exe
4056	Unicorn-61306.exe
3848	Unicorn-33272.exe
4024	Unicorn-36994.exe
4128	Unicorn-52568.exe
2656	Unicorn-61498.exe
3488	Unicorn-39032.exe
3612	Unicorn-19706.exe
556	Unicorn-11537.exe
640	Unicorn-11272.exe
3944	Unicorn-31360.exe
1608	Unicorn-51418.exe
1588	Unicorn-12423.exe
4280	Unicorn-22394.exe
1300	Unicorn-19248.exe
1220	Unicorn-47282.exe
4008	Unicorn-14417.exe
4180	Unicorn-8287.exe
4652	Unicorn-11080.exe
4920	Unicorn-62658.exe
3904	Unicorn-46322.exe
1248	Unicorn-5289.exe
4044	Unicorn-38346.exe
548	Unicorn-38346.exe
2876	Unicorn-18480.exe
3252	Unicorn-10120.exe
3920	Unicorn-51153.exe
3528	Unicorn-45552.exe
1172	Unicorn-64888.exe
3988	Unicorn-45944.exe
4812	Unicorn-54609.exe
1800	Unicorn-5009.exe
1504	Unicorn-54402.exe
1648	Unicorn-62570.exe
3132	Unicorn-56440.exe
32	Unicorn-54594.exe
4240	Unicorn-54594.exe
2308	Unicorn-38258.exe
892	Unicorn-62497.exe
1612	Unicorn-53832.exe
460	Unicorn-42896.exe
2952	Unicorn-42704.exe
4948	Unicorn-33384.exe
1428	Unicorn-56130.exe
2728	Unicorn-3400.exe
4924	Unicorn-18776.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
6576	9508	WerFault.exe	433
11616	9508	WerFault.exe	433
12564	7420	WerFault.exe	298
16272	17176	WerFault.exe	839
16756	16436	WerFault.exe	868

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51977.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1332	dwm.exe
Token: SeChangeNotifyPrivilege	1332	dwm.exe
Token: 33	1332	dwm.exe
Token: SeIncBasePriorityPrivilege	1332	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe
2304	Unicorn-60714.exe
4788	Unicorn-6609.exe
2592	Unicorn-52281.exe
1928	Unicorn-65042.exe
4532	Unicorn-44304.exe
5060	Unicorn-30568.exe
704	Unicorn-14720.exe
4968	Unicorn-51498.exe
4856	Unicorn-8856.exe
2328	Unicorn-2991.exe
2864	Unicorn-59666.exe
2632	Unicorn-22120.exe
2084	Unicorn-35266.exe
676	Unicorn-12799.exe
5068	Unicorn-32120.exe
3764	Unicorn-61114.exe
1840	Unicorn-33080.exe
1724	Unicorn-61041.exe
4732	Unicorn-52946.exe
4056	Unicorn-61306.exe
3488	Unicorn-39032.exe
4128	Unicorn-52568.exe
2656	Unicorn-61498.exe
4024	Unicorn-36994.exe
3848	Unicorn-33272.exe
3612	Unicorn-19706.exe
556	Unicorn-11537.exe
3944	Unicorn-31360.exe
1588	Unicorn-12423.exe
1608	Unicorn-51418.exe
640	Unicorn-11272.exe
4280	Unicorn-22394.exe
1300	Unicorn-19248.exe
1220	Unicorn-47282.exe
4008	Unicorn-14417.exe
4180	Unicorn-8287.exe
4652	Unicorn-11080.exe
4920	Unicorn-62658.exe
3904	Unicorn-46322.exe
1248	Unicorn-5289.exe
4044	Unicorn-38346.exe
3528	Unicorn-45552.exe
548	Unicorn-38346.exe
1172	Unicorn-64888.exe
4812	Unicorn-54609.exe
2876	Unicorn-18480.exe
3252	Unicorn-10120.exe
3988	Unicorn-45944.exe
3920	Unicorn-51153.exe
1800	Unicorn-5009.exe
1504	Unicorn-54402.exe
32	Unicorn-54594.exe
3132	Unicorn-56440.exe
1648	Unicorn-62570.exe
2308	Unicorn-38258.exe
4240	Unicorn-54594.exe
1612	Unicorn-53832.exe
460	Unicorn-42896.exe
2952	Unicorn-42704.exe
892	Unicorn-62497.exe
4948	Unicorn-33384.exe
1428	Unicorn-56130.exe
2728	Unicorn-3400.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3312 wrote to memory of 2304	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	86
PID 3312 wrote to memory of 2304	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	86
PID 3312 wrote to memory of 2304	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	86
PID 3312 wrote to memory of 2592	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	87
PID 3312 wrote to memory of 2592	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	87
PID 3312 wrote to memory of 2592	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	87
PID 2304 wrote to memory of 4788	2304	Unicorn-60714.exe	88
PID 2304 wrote to memory of 4788	2304	Unicorn-60714.exe	88
PID 2304 wrote to memory of 4788	2304	Unicorn-60714.exe	88
PID 4788 wrote to memory of 1928	4788	Unicorn-6609.exe	89
PID 4788 wrote to memory of 1928	4788	Unicorn-6609.exe	89
PID 4788 wrote to memory of 1928	4788	Unicorn-6609.exe	89
PID 2304 wrote to memory of 5060	2304	Unicorn-60714.exe	90
PID 2304 wrote to memory of 5060	2304	Unicorn-60714.exe	90
PID 2304 wrote to memory of 5060	2304	Unicorn-60714.exe	90
PID 3312 wrote to memory of 4532	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	91
PID 3312 wrote to memory of 4532	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	91
PID 3312 wrote to memory of 4532	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	91
PID 2592 wrote to memory of 704	2592	Unicorn-52281.exe	92
PID 2592 wrote to memory of 704	2592	Unicorn-52281.exe	92
PID 2592 wrote to memory of 704	2592	Unicorn-52281.exe	92
PID 1928 wrote to memory of 4968	1928	Unicorn-65042.exe	93
PID 1928 wrote to memory of 4968	1928	Unicorn-65042.exe	93
PID 1928 wrote to memory of 4968	1928	Unicorn-65042.exe	93
PID 4532 wrote to memory of 2864	4532	Unicorn-44304.exe	94
PID 4532 wrote to memory of 2864	4532	Unicorn-44304.exe	94
PID 4532 wrote to memory of 2864	4532	Unicorn-44304.exe	94
PID 4788 wrote to memory of 2632	4788	Unicorn-6609.exe	95
PID 4788 wrote to memory of 2632	4788	Unicorn-6609.exe	95
PID 4788 wrote to memory of 2632	4788	Unicorn-6609.exe	95
PID 2304 wrote to memory of 2328	2304	Unicorn-60714.exe	96
PID 2304 wrote to memory of 2328	2304	Unicorn-60714.exe	96
PID 2304 wrote to memory of 2328	2304	Unicorn-60714.exe	96
PID 3312 wrote to memory of 4856	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	97
PID 3312 wrote to memory of 4856	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	97
PID 3312 wrote to memory of 4856	3312	e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe	97
PID 704 wrote to memory of 2084	704	Unicorn-14720.exe	98
PID 704 wrote to memory of 2084	704	Unicorn-14720.exe	98
PID 704 wrote to memory of 2084	704	Unicorn-14720.exe	98
PID 2592 wrote to memory of 676	2592	Unicorn-52281.exe	99
PID 2592 wrote to memory of 676	2592	Unicorn-52281.exe	99
PID 2592 wrote to memory of 676	2592	Unicorn-52281.exe	99
PID 5060 wrote to memory of 5068	5060	Unicorn-30568.exe	100
PID 5060 wrote to memory of 5068	5060	Unicorn-30568.exe	100
PID 5060 wrote to memory of 5068	5060	Unicorn-30568.exe	100
PID 4968 wrote to memory of 3764	4968	Unicorn-51498.exe	101
PID 4968 wrote to memory of 3764	4968	Unicorn-51498.exe	101
PID 4968 wrote to memory of 3764	4968	Unicorn-51498.exe	101
PID 1928 wrote to memory of 1840	1928	Unicorn-65042.exe	102
PID 1928 wrote to memory of 1840	1928	Unicorn-65042.exe	102
PID 1928 wrote to memory of 1840	1928	Unicorn-65042.exe	102
PID 2328 wrote to memory of 4732	2328	Unicorn-2991.exe	103
PID 2328 wrote to memory of 4732	2328	Unicorn-2991.exe	103
PID 2328 wrote to memory of 4732	2328	Unicorn-2991.exe	103
PID 2304 wrote to memory of 1724	2304	Unicorn-60714.exe	104
PID 2304 wrote to memory of 1724	2304	Unicorn-60714.exe	104
PID 2304 wrote to memory of 1724	2304	Unicorn-60714.exe	104
PID 2864 wrote to memory of 4056	2864	Unicorn-59666.exe	105
PID 2864 wrote to memory of 4056	2864	Unicorn-59666.exe	105
PID 2864 wrote to memory of 4056	2864	Unicorn-59666.exe	105
PID 4532 wrote to memory of 3848	4532	Unicorn-44304.exe	106
PID 4532 wrote to memory of 3848	4532	Unicorn-44304.exe	106
PID 4532 wrote to memory of 3848	4532	Unicorn-44304.exe	106
PID 4856 wrote to memory of 4024	4856	Unicorn-8856.exe	107

C:\Users\Admin\AppData\Local\Temp\e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe
"C:\Users\Admin\AppData\Local\Temp\e4efe0fb53b7b04b121b32469084e4485b6c71de82fb1268c4a8fe55be6e3babN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        9⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
        10⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        11⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        10⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        10⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        9⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
        10⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        10⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        9⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
        9⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        9⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        9⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        10⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        9⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
        9⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        8⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
        8⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        9⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        10⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        9⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        9⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        8⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        8⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6577.exe
        8⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        8⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        8⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
        8⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        7⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        9⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        10⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3088.exe
        10⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
        9⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        9⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        8⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
        8⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29058.exe
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48610.exe
        9⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
        8⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
        8⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
        7⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        6⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4951.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
        8⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
        8⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        7⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39634.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        7⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
        6⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        9⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        10⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        9⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
        9⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        8⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6192.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45538.exe
        9⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        8⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        8⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        7⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        7⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        8⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        9⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        8⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65449.exe
        7⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        6⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        7⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
        7⤵
        
        PID:17112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49753.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
        6⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        6⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        8⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        9⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        9⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        8⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52144.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        7⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        7⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31609.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
        5⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
        7⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        7⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        7⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
        6⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22891.exe
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        6⤵
        Executes dropped EXE
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
        8⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60697.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
        7⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52408.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        7⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25143.exe
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65066.exe
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        7⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        7⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        7⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50592.exe
        6⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        6⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        6⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
        6⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
        6⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        5⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
        5⤵
        
        PID:11584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        6⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        8⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
        7⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13608.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        6⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        5⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        7⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        7⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        6⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3088.exe
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        5⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        5⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        8⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
        8⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
        7⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        6⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        6⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
        5⤵
        
        PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
      4⤵
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28792.exe
        6⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
        6⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
        6⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
        5⤵
        
        PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        5⤵
        
        PID:17084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
      4⤵
      PID:8936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
      4⤵
      PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
      4⤵
      PID:5348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
        9⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        8⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        8⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        7⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        8⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
        8⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        7⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
        7⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        7⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63576.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        6⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        7⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7079.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35745.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39715.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
        6⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        6⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        5⤵
        
        PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
        8⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        8⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        7⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14250.exe
        6⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4464.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        7⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe
        6⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        5⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        5⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        6⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 628
        7⤵
        Program crash
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
        6⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
        6⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        5⤵
        
        PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
        6⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        5⤵
        
        PID:13024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
      4⤵
      PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
      4⤵
      PID:11384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
      4⤵
      PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28755.exe
      4⤵
      PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        8⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
        8⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        7⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        6⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
        6⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        7⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        6⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        6⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35880.exe
        5⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38778.exe
        5⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11080.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7121.exe
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        8⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
        7⤵
        
        PID:492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
        6⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        7⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        6⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        6⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        5⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
      4⤵
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        6⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        7⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        7⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        6⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        6⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37576.exe
        5⤵
        
        PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
      4⤵
      PID:13952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
      4⤵
      PID:6940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38346.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
        5⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        7⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        6⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        6⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
        5⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        6⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        5⤵
        
        PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
        6⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        5⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        5⤵
        
        PID:17176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
      4⤵
      PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45944.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
      4⤵
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        6⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14136.exe
        7⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16823.exe
        6⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
        5⤵
        
        PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32376.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 268
        5⤵
        Program crash
        
        PID:6576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 268
        5⤵
        Program crash
        
        PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
      4⤵
      PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
      4⤵
      PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
    3⤵
    PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12705.exe
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        5⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
        5⤵
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
      4⤵
      PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
      4⤵
      PID:13044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
      4⤵
      PID:15956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
    3⤵
    PID:9816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
    3⤵
    PID:5304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        8⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        8⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        8⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        7⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe
        7⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        8⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        7⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        6⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
        6⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        7⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        7⤵
        
        PID:16436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16436 -s 80
        8⤵
        Program crash
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10240.exe
        6⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        6⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        7⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4519.exe
        6⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        5⤵
        
        PID:14876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        5⤵
        
        PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        8⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
        8⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        7⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30545.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29207.exe
        6⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        6⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        6⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
        5⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        6⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        5⤵
        
        PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        7⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        6⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        5⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16280.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        5⤵
        
        PID:17044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
      4⤵
      PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
      4⤵
      PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
        6⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56305.exe
        8⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        7⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10240.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        7⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
        7⤵
        
        PID:17176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17176 -s 80
        8⤵
        Program crash
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        7⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        6⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50560.exe
        6⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
        6⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        6⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32506.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        5⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        6⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
        5⤵
        
        PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        5⤵
        
        PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
        6⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13812.exe
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
      4⤵
      PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        5⤵
        
        PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
      4⤵
      PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
      4⤵
      PID:14500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:32
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        7⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        7⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        6⤵
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6113.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        6⤵
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34785.exe
        5⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        5⤵
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45570.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        6⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        5⤵
        
        PID:13748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
      4⤵
      PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
      4⤵
      PID:10524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
      4⤵
      PID:14644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        6⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        5⤵
        
        PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
      4⤵
      PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47736.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
      4⤵
      PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
    3⤵
    PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        5⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
        5⤵
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
      4⤵
      PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
      4⤵
      PID:15464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
    3⤵
    PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
      4⤵
      PID:15992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
    3⤵
    PID:10344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42456.exe
    3⤵
    PID:15032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        6⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        8⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        8⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        7⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        7⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        7⤵
        
        PID:16160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        6⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        6⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        7⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        7⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
        6⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37240.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
        6⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        5⤵
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58258.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        7⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        6⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16320.exe
        6⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        6⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        6⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51672.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        7⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        6⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        5⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        5⤵
        
        PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        5⤵
        
        PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
      4⤵
      PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
      4⤵
      PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
      4⤵
      PID:16744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
      4⤵
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        6⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        6⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        5⤵
        
        PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
        6⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
        5⤵
        
        PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30905.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
      4⤵
      PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
      4⤵
      PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      4⤵
      PID:8
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        6⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        5⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        5⤵
        
        PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        5⤵
        
        PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
      4⤵
      PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
      4⤵
      PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
      4⤵
      PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
    3⤵
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        5⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
      4⤵
      PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
      4⤵
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
      4⤵
      PID:17192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
    3⤵
    PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
      4⤵
      PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
      4⤵
      PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
    3⤵
    PID:8308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
    3⤵
    PID:13108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56497.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        7⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        6⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        6⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1200.exe
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
        6⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11032.exe
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
      4⤵
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        6⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        6⤵
        
        PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        5⤵
        
        PID:13980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
      4⤵
      PID:14944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
      4⤵
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        5⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        5⤵
        
        PID:17120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50592.exe
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3088.exe
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
      4⤵
      PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
      4⤵
      PID:14712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
    3⤵
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
      4⤵
      PID:14952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
    3⤵
    PID:6836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
    3⤵
    PID:10192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
    3⤵
    PID:15128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        6⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        5⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        5⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        5⤵
        
        PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
      4⤵
      PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
      4⤵
      PID:6404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
        5⤵
        
        PID:17012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
      4⤵
      PID:13900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
      4⤵
      PID:6544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
    3⤵
    PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
      4⤵
      PID:13524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
    3⤵
    PID:9908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
    3⤵
    PID:13416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13475.exe
    3⤵
    PID:1528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
    3⤵
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
      4⤵
      PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        5⤵
        
        PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
      4⤵
      PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
      4⤵
      PID:14008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
      4⤵
      PID:6348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
    3⤵
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
      4⤵
      PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
      4⤵
      PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
    3⤵
    PID:10788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
    3⤵
    PID:15140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
  2⤵
  PID:5236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
    3⤵
    PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
      4⤵
      PID:15656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
    3⤵
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
    3⤵
    PID:12220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6039.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6039.exe
  2⤵
  PID:7068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
  2⤵
  PID:10216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
  2⤵
  PID:14028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 9508 -ip 9508
1⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 9508 -ip 9508
1⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7420 -ip 7420
1⤵
PID:12212

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe

Filesize
468KB

MD5
5e8eae9854c4ebc15819d36cf54cc558

SHA1
fd707c92480e3eeceb403a0ad420446c40fd7f5a

SHA256
abbd4f44ebd8c8c288ed30001ed24e88079e96b378aef082bfe26366320f3cab

SHA512
e70f1e878cc30a059b2249caa2ce1d9dd4bc0703a5e801d423494865e156183dd411551cb1d3717801a8b7a28fa94e4d84e5ab18c1fbeb2392969f7046ca1f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe

Filesize
468KB

MD5
a777fad71ab4a1df61e56e6be464e857

SHA1
3650be4fb6c3bac9893468ca87f9caf56b35f4f9

SHA256
ff3c5f731a93e66122040d6bd167f8fd0705de428eaeead140bbf4ab1b45566a

SHA512
802658b969adf613f9a06356a9c7816a0de6cddfae2e521157fda2d927f09eed66916072710b164ba71920c108372e9c10316b16a3d8ef3d550ad9473ca1d06e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe

Filesize
468KB

MD5
bd5917555328951ecb365b6211edb0ca

SHA1
01b4a441a203593bdfb2a967e1fb8cc4e58b0cf3

SHA256
7fa1066f7d912457f40c8d259c72da3f3078203777904422f2cb978b93e34507

SHA512
d456c33126d2475efae4da9b2bc0887f189795cb8a2b89d0c9011580428194c8c97f299f46c0c3af98f7ad8f6841e691d58de2b38f734b04253d8bec9975ffec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe

Filesize
468KB

MD5
65e32a1d955b089dcaf7cdb225168d56

SHA1
aa99fac9205d62c3b7f411140c7cbf25a844aec1

SHA256
f597f51062161e12525d113f0c3fd9265cb298248a085757e2d76f459ee089e6

SHA512
8d7f495565038a3603389a2f360ae9fb09a9a7b402751e13e88ce0c2117f28db27fcd5e6ba9e50d06b917ea1e8eb0fccf9255f2e1a46c08be38b4ffcffeef075

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe

Filesize
468KB

MD5
2086a2e74bdd153e245f87b807431170

SHA1
cb4f13efe9e679d207fd1b6e14893cd5f1b1ce36

SHA256
0c5a7650ff6734ccfa9de28855e49a60693a020fb6cd7e20fa1719c830c4c362

SHA512
46dbf3cbea91e7f6e939023f4014a7c5ca2761de96351c39d5d4cb2eb7bc123fe932c9ebbd98cf8228efb624440febd4dbc80532d9c02b0cc800e25fe70b106d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe

Filesize
468KB

MD5
d5e85c4c1eabf91b68035ecbf9c7cd8e

SHA1
8354128cc072b72a5daf9c2c21b2ed319f24b9af

SHA256
c9e9504f03880d880556a00559a1230a0a3b6af999adebba1105be995857f805

SHA512
512b03024f39f1dad9f255c9fe37539862f0899a622e1cd0c1a6afa0ef26b89b57878e54944649a24acf616b730b256a1143bc8c6159525842b868f6ed7a25c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe

Filesize
468KB

MD5
2cc462a8214a0d21c120e1aedfc2af6f

SHA1
2e1deb6ff1d107d6cf2638d1f30b2db3362ca3b6

SHA256
0673f8c3ef19d4c0bb46d1e8ed505f8dfe4fde5706d77ac3fdbb9dcff89b810d

SHA512
350859efb8c47e3d6066193b92a35df65755ab22a9f961027165c435401dcc724a458ca3d5d83bc4fce9a7041490f010d5dc63ab4cd8b3c304493c8dff7415ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22394.exe

Filesize
468KB

MD5
80853cd666302539768e84f68c5f7e54

SHA1
15a2da39ebff5d95e578728877cc22bc2f34fe19

SHA256
c11db4e9a1b5981809df40ee243a38c6e4f0accd90f6d685af22b01f282ed351

SHA512
401a49c6e133d742ee60bf06cc3e7014312ffec00aff85e0a2a6e87ef8cbf8c7c950c6b4879624501fabd9d8bf82b9c8dee7278fe1353a0751be8385e3388cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe

Filesize
468KB

MD5
4e962a07af72e25471898b995c9c307a

SHA1
1f4e3a5996ece1180d5c1b6e4c453fff5a9916ee

SHA256
1d60118b43cb9afc187c8b2ee21097068ba4bbbdcbb60403cc2b850864b6ceeb

SHA512
b41030b652c65cc07fb571eb16ccd6aff5ca8c4870b28ddff783a4e354bfe60e11bd15d56f586696c276e78b7b78e4efddab31baec19ef693a28b364a43ff819

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe

Filesize
468KB

MD5
c8d3c1e24aa81da3c16c71eb1b2fb395

SHA1
5fcb75c73ea0b5edd9395c0e4afd0cf6cb7177e8

SHA256
493f8d00ad22add31425749632e37e25be0b10d2a4c2facb2b44c237cdfdaf65

SHA512
0df2beb33f46db8b07d87e92e71aeacdd040992089acc0a77448568a505be6e9b2ed9c2c3e5efa32c5e756a557c1d3fffcfa6737a0ed1a41ec1ed3cd11df528d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe

Filesize
468KB

MD5
376c8eeb414bf5d07e3b78229a8d12e0

SHA1
cfbfe7eed9b84590e9b496b0d087d69a4b7b54af

SHA256
b7adb1b388b62f06bbf8810142d794c4043306b366daa2b4d2f7f8d26077397c

SHA512
38c5e19581e75656e508f2ff1d1b3ed26a8fce6885573883009cf08b4d8e7b1f8a5e1a307d201749348d9c8881723c1056dec6c978803192d6a22aa4a933e239

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe

Filesize
468KB

MD5
4934e430905bca39a2d8391ce1e4d1c1

SHA1
d52de1686606adf1361d6155d7a0084ab168fa14

SHA256
27306dd965b8e7f7eb28f11ff016edb1cbb6e17419abb1c063c8593faecf354b

SHA512
e486b1847a9732072a00fea2d5ceafe04dab688a951348a2f50dc5431fcd53e30d29c93e803f90f72a30882b33cd544aac6b489183c54dda51dc0b8cd197ec7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe

Filesize
468KB

MD5
47c04d9ca26cc67fc02f3252e62ce443

SHA1
f9e9173825d53cf492dfb7b23e8c60506df2cf03

SHA256
4207d4e66248fc7f140b49c5f418229e0ce912f10b27fcfa7e97ba1783def51d

SHA512
b86ee75a8b69390b6bef6afc509dfad4b8007192d85099ae34e4e249ab3fc8ee1f86a903521c269b6b92b2d951955e2a0171ef52eede073560c2d9d78531f02c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe

Filesize
468KB

MD5
f6674f784d8b56d4ecd04b123088bd39

SHA1
d9f270490bcb13983effc0c424c0c7c312d92d5d

SHA256
26f8ed0fbb5c78d8cd40542a2efa7a7ea19518cbd5ca87f85bfb093cd1960fc8

SHA512
3d057b88b3400c8612ffd032649e8d0826f129050f575b0f43a4b8a6d6e590c2c93f2d5c5fd3d70f1a800c0cf507d593e30af634d84c002d4676a26d9171d103

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe

Filesize
468KB

MD5
d01b27de38920bdec20d11ab00c8452e

SHA1
852b1e121b39951f2c03abf8da71de64b59da775

SHA256
d089343d1b8ce9b8c8a6f63fde0848738c9ab0c816b5f264fbb53d2e2da9d264

SHA512
1953f0cb1e4c000376885e2a03d37c2c0f90a1062b854edd2df9bf7e6db0cb212a6081793328340fdcf4707a15fe4f0e21e264623b607733ec248752910573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe

Filesize
468KB

MD5
483e9228c6f05fd17bc6cdc5cb90653e

SHA1
f40be042963bb631b47dea6486f2d6b74bcfb00e

SHA256
f6bd911c7fb734d73b2ba1997b70d02103cc5c6a075feee78e4c0f2b13208204

SHA512
0c7b79488099afcc213478568f278e61b6aa42e0932366d3e5d9bea35e3d927e8ee5feec4097de5e135eb78a794f4db94d79447bced0d5106822e56d073a9004

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe

Filesize
468KB

MD5
fc47b796005fd61766624505d74d6d4b

SHA1
d02ab4f1b2827d48a1502d567893c8a9e9f40457

SHA256
252578a4fa736eaf8e9363e9d1ffe2edaf528a618eb45409d5fcc94572d2a445

SHA512
23fd1dc205c05b3365e141dce8ca25d7f341e28ef17571352ade37caa186932a27025356cd1a903fb66f29846fe265eb200f4fe816c57006a0f7848794a90100

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe

Filesize
468KB

MD5
981d00701c778167bc77a3b981f0597e

SHA1
8a37d4308a1197c665749a78f1d6dd887795ca1f

SHA256
02f8c6d13db62de9a9b017e5ed567114e16d572648f3ec5fe702775d57fa8486

SHA512
c53aee68b5128b37fdb82f2e03c922afacbc6d082ed613cafb1121fe6d42e6aa4d61b9a14d606d9211e1a1cdaaa38f56de7e8014b1703ee494a7ec3ca0d58384

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe

Filesize
468KB

MD5
48bde10097658c63a0b49e41b691245d

SHA1
8171e92f7816315a2721eb1598cebd2e817efe6e

SHA256
e4d491ae913ad94b324abb921d8f24550d953aacd7aaaaaf606fd08e1b72dadb

SHA512
647cba92350cbd337a9dcfccf44d48fe51ac3dcdb018e212e1bca99b7dcd96b3137f6ffc79bdefcd817ba60e47521d3e1f3c83df722eed3f5268cb5d084208b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe

Filesize
468KB

MD5
76aa07235c23c30593efbfc03901d6a4

SHA1
e5ed6e257aca4aa57f8d8bdc7cde43595e6e29f2

SHA256
b782c8bcf8a39ace5d1c1e7c7bf66094ffbb0aa35aaded84429a81bad1d71138

SHA512
47c1e2ebc711a958ab22299d30b228970a463ed129d8166a2bb264ab9d8340faee181d276e84ea241e3b15669791cf03fe0b7cd6730c0725919cd62f4fca9b0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe

Filesize
468KB

MD5
3674f3bd175728e81c3d4a9326a25525

SHA1
e177fbf777c3916f2e3c28b0367345e627fbf0d1

SHA256
81129f2bdd4e796d73190310749c6ac8b094cbe21bbf2b999923f6c13afaf623

SHA512
242bd7342aa09e4dcdee420216d35f6b0713b397c54148e1f5519dc38b786dcb70fbecfdf68c1c4807d803c7d0c850bb5f44127bda4efd8a40484d0fabb30368

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe

Filesize
468KB

MD5
988ee3c86fd05e0fcc6bd36e4dc819a6

SHA1
19cb9a0cbecf99716ed54f0ef127ddebe71556a2

SHA256
4cf9794a7651a90371756476df5ff676ae6230159306a18eb40f778ae0e69092

SHA512
6ab289b24842b630cf8a8d7dcefc539edefa13c23de6d5927247c339c3b85d6d3622bfe8f1d44c3eec50e39311c5c0ffa66f2cad84ba861f2e492b0c6868bb71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe

Filesize
468KB

MD5
054fab4094e12be3c3a8629edbc1b7eb

SHA1
780c480c19ef7ace4d4da2e33a7d42b3541d89e3

SHA256
4fee4b0b389839f6f8bb9216f8f6f38ff373fdccf0bdffa8ca53c8b6de3c5145

SHA512
521c40b2b4094bdfc0b1d62cf26733943b42298fb574624aa308ad30aad58b7a499cd54e137b2f64ea35e95e5f1612cbd82bbcbfdbcc06e7d0bef9fd6d707c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe

Filesize
468KB

MD5
e2c9601ca1c1af6979b3db1bb365a647

SHA1
dd4aa5fd55cd03e37509f46ebedec86ba315d9b9

SHA256
2e8a0e6e037c9f2e1791afb4381cc4369911635c626bcf9a306b7e2e59040166

SHA512
7b1cc9ba588308cc35551e7f0abcf88ecc65ec232ee58bb134195d5ec952b3f2240daa051ce278952c59526ee6f04950c1d0de088983b00e60d9bf037eab245d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe

Filesize
468KB

MD5
20777c0e55fbb4b645b36928e622ccb3

SHA1
ed8d7a24893f48ecb616e7b542f653dfc87e1ef7

SHA256
3aca03fafae82d249580464453a65200b518efbe9e0d7cde324ae30d18c45afa

SHA512
f741a26f8673b03493aabfc5c850c133fad288da032f4bc532d4470999cc639209be4ef98d5fd4ac85c52e783a18d3c858de9453afeb8a81bee3b4ea80f1f431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61041.exe

Filesize
468KB

MD5
b88f6b922f3f1f4521fcd93b0723461b

SHA1
85efb5352477546ffd27970a8aec42b9892fc4ea

SHA256
8957cb1b20665783e1d65ed464108684b902652f4f0d4f0ef9390f50de6a3adb

SHA512
7795e141c6e12199b1c32a0193a12b1c365a25f25bd41a84692882a8e369f03d43bf505c19942519db9758b92431fe35eef792d72d9937af3034b8cb4daca9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe

Filesize
468KB

MD5
94f12a1874be835b1a599e7e0c59a56c

SHA1
3a01f2ed873ce66b048a1418d18eb696eb488692

SHA256
b517214156f3e3dceb1b889a99b4876512fe7b67a2dd8162fd8e73094f0a29ee

SHA512
d02badb1551e30948e90450d87c54a1d72078b7104643c4a1a1da46a13ba324e8011793669296cd3d0343fbc98912465be064a6366f1361a8fdcbd1ec20bce26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe

Filesize
468KB

MD5
35f334b773c192c0519643b78ae1e91f

SHA1
3aa85f488f411775119a5152f45a261f952c4d72

SHA256
ce79ef99ee6c5ec653fe21b355144f5bd3234926e6328d0fbb68dc98572ac6da

SHA512
a4f7c12fc09e1074488ee68212beb042a50527c66b579273cdf3f607004180c0f419f49b39f3da38f2b7e37ba54a9d15e706fd735cce5c24f23f8fd5344c5110

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe

Filesize
468KB

MD5
518ad5e24a32d145f8140278ddd3c83c

SHA1
b6f9f501b36c7985ca9b0551a03562638763913f

SHA256
54dad764ec43952ba76c98df89bdc3a62c4f130dfe3acf3ece07f1bcfb679f76

SHA512
fbcbbd03602a47407a481554790ed8c7f99282d03b0e353a1a6f5c4ebd7a156f6a96fa2e950cfddea4044e5b7be8093cd22d37d5cbf0e682f1d1a67f9c0bcda2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe

Filesize
468KB

MD5
620809264fc37a05d8d43de9c6d035b7

SHA1
621be3f53ce38c065af1c87336e4bf2b322d8ceb

SHA256
69046a598513ecdbbb084fca097a33bb52a86c09c4c93a825fcb45fabbe14d80

SHA512
b9ffe9a3b0527365e6db752d5e33826d8d300507101c2945e09abb6d555cc368f68c5b616ad09ad5d9d7c00e7b594d0ff4065d7b2a8bf60febd06938614294c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe

Filesize
468KB

MD5
a66602f62434668510c12cec2b7a7738

SHA1
b65d7ddd2e8234a64486304d96fbb72621d2a451

SHA256
ebe3e799fb44d4c6e4e058a26d5e8a8b270c1cb378f04ba64aed4f7b74bbf413

SHA512
bc78924bd4531cf666184d631a5ab9add94736f1188426e5e0cdcea0c22be275e14cdc05d9d80b1223c7eff43abcc6a793e4bbead35b80dadfcf4e9863b4b771

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe

Filesize
468KB

MD5
13a3267de2e1bb8904706df3ccb0da60

SHA1
1d654920aed1c6e0c8ee2fdbb6e9bea37b9e5ed2

SHA256
8df47a5f92c7cd83bc79b75448683681ff938608c240715afb232ede89554e31

SHA512
3cd33f1417c6335f8e125e36587ef7c88c8bbbaedf48e9bdff0004e2751e0b24b899fff6ad78396a1f9d38444b64ba93138f35fa4c06ff8501293c7331b37a0a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads