057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49d

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe
Size

468KB
MD5

7c0aca7f4a6faf7c9512f1eb017b5080
SHA1

41d5c8da7c210f44146f2138fc2accb5eb3aa684
SHA256

057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49d
SHA512

c8a5b9e7c863f406bf181d2d5f90c00bdc59c8b71beb75d01cfc7ef6615ece24185cc90f514b8d935df4a979bf75a564a7d7e02167c8795926d7cead71ab0262
SSDEEP

3072:Xq0bogCdjsXG2bY9Pzh1ff8l5CyAXipCn9HevVpBY8V3LCJ/kilz:Xq8ohCG2+PN1ffBqpZY8lOJ/k

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1936	Unicorn-62173.exe
1400	Unicorn-15084.exe
3196	Unicorn-44420.exe
3700	Unicorn-43948.exe
936	Unicorn-63813.exe
5080	Unicorn-39309.exe
4032	Unicorn-37263.exe
3568	Unicorn-32677.exe
1132	Unicorn-10210.exe
2116	Unicorn-57373.exe
4048	Unicorn-41037.exe
4792	Unicorn-21769.exe
1836	Unicorn-1903.exe
1508	Unicorn-1903.exe
3692	Unicorn-21503.exe
4288	Unicorn-60793.exe
2076	Unicorn-28483.exe
5020	Unicorn-56325.exe
3088	Unicorn-31821.exe
4108	Unicorn-4939.exe
1152	Unicorn-24540.exe
3216	Unicorn-8468.exe
2336	Unicorn-8468.exe
2508	Unicorn-45417.exe
3376	Unicorn-10314.exe
1840	Unicorn-10314.exe
64	Unicorn-7514.exe
4992	Unicorn-16445.exe
2752	Unicorn-62116.exe
4308	Unicorn-58032.exe
1552	Unicorn-17789.exe
2252	Unicorn-2007.exe
396	Unicorn-21681.exe
4872	Unicorn-64751.exe
1804	Unicorn-27855.exe
2792	Unicorn-10388.exe
216	Unicorn-10388.exe
3712	Unicorn-45291.exe
208	Unicorn-56657.exe
1756	Unicorn-65188.exe
3200	Unicorn-12588.exe
3928	Unicorn-32454.exe
4680	Unicorn-23217.exe
4112	Unicorn-60165.exe
2608	Unicorn-19879.exe
1788	Unicorn-25446.exe
2008	Unicorn-62064.exe
3708	Unicorn-56.exe
4220	Unicorn-56.exe
1116	Unicorn-37559.exe
3736	Unicorn-57425.exe
5076	Unicorn-36242.exe
4904	Unicorn-20019.exe
4924	Unicorn-3948.exe
3360	Unicorn-53149.exe
2560	Unicorn-61317.exe
824	Unicorn-12116.exe
2848	Unicorn-7263.exe
4536	Unicorn-32464.exe
4316	Unicorn-26598.exe
3312	Unicorn-12863.exe
2272	Unicorn-52765.exe
1472	Unicorn-36429.exe
3512	Unicorn-60231.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
11144	9220	WerFault.exe	459
16076	14200	WerFault.exe	683
6596	6708	WerFault.exe	861

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11509.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16096	dwm.exe
Token: SeChangeNotifyPrivilege	16096	dwm.exe
Token: 33	16096	dwm.exe
Token: SeIncBasePriorityPrivilege	16096	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe
1936	Unicorn-62173.exe
1400	Unicorn-15084.exe
3196	Unicorn-44420.exe
3700	Unicorn-43948.exe
936	Unicorn-63813.exe
4032	Unicorn-37263.exe
5080	Unicorn-39309.exe
3568	Unicorn-32677.exe
1132	Unicorn-10210.exe
2116	Unicorn-57373.exe
3692	Unicorn-21503.exe
1836	Unicorn-1903.exe
1508	Unicorn-1903.exe
4048	Unicorn-41037.exe
4792	Unicorn-21769.exe
4288	Unicorn-60793.exe
2076	Unicorn-28483.exe
5020	Unicorn-56325.exe
4108	Unicorn-4939.exe
3088	Unicorn-31821.exe
2336	Unicorn-8468.exe
3216	Unicorn-8468.exe
1152	Unicorn-24540.exe
2752	Unicorn-62116.exe
3376	Unicorn-10314.exe
4992	Unicorn-16445.exe
4308	Unicorn-58032.exe
64	Unicorn-7514.exe
1840	Unicorn-10314.exe
2508	Unicorn-45417.exe
1552	Unicorn-17789.exe
2252	Unicorn-2007.exe
396	Unicorn-21681.exe
4872	Unicorn-64751.exe
1804	Unicorn-27855.exe
216	Unicorn-10388.exe
2792	Unicorn-10388.exe
3712	Unicorn-45291.exe
208	Unicorn-56657.exe
1756	Unicorn-65188.exe
3928	Unicorn-32454.exe
3200	Unicorn-12588.exe
4680	Unicorn-23217.exe
4112	Unicorn-60165.exe
2608	Unicorn-19879.exe
2008	Unicorn-62064.exe
1788	Unicorn-25446.exe
4904	Unicorn-20019.exe
5076	Unicorn-36242.exe
4924	Unicorn-3948.exe
3708	Unicorn-56.exe
4220	Unicorn-56.exe
3736	Unicorn-57425.exe
3360	Unicorn-53149.exe
2848	Unicorn-7263.exe
824	Unicorn-12116.exe
2560	Unicorn-61317.exe
1116	Unicorn-37559.exe
3312	Unicorn-12863.exe
4316	Unicorn-26598.exe
1472	Unicorn-36429.exe
2272	Unicorn-52765.exe
4536	Unicorn-32464.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 1936	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	86
PID 5012 wrote to memory of 1936	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	86
PID 5012 wrote to memory of 1936	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	86
PID 1936 wrote to memory of 1400	1936	Unicorn-62173.exe	87
PID 1936 wrote to memory of 1400	1936	Unicorn-62173.exe	87
PID 1936 wrote to memory of 1400	1936	Unicorn-62173.exe	87
PID 5012 wrote to memory of 3196	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	88
PID 5012 wrote to memory of 3196	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	88
PID 5012 wrote to memory of 3196	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	88
PID 1936 wrote to memory of 3700	1936	Unicorn-62173.exe	89
PID 1936 wrote to memory of 3700	1936	Unicorn-62173.exe	89
PID 1936 wrote to memory of 3700	1936	Unicorn-62173.exe	89
PID 1400 wrote to memory of 936	1400	Unicorn-15084.exe	90
PID 1400 wrote to memory of 936	1400	Unicorn-15084.exe	90
PID 1400 wrote to memory of 936	1400	Unicorn-15084.exe	90
PID 3196 wrote to memory of 5080	3196	Unicorn-44420.exe	91
PID 3196 wrote to memory of 5080	3196	Unicorn-44420.exe	91
PID 3196 wrote to memory of 5080	3196	Unicorn-44420.exe	91
PID 5012 wrote to memory of 4032	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	92
PID 5012 wrote to memory of 4032	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	92
PID 5012 wrote to memory of 4032	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	92
PID 3700 wrote to memory of 3568	3700	Unicorn-43948.exe	93
PID 3700 wrote to memory of 3568	3700	Unicorn-43948.exe	93
PID 3700 wrote to memory of 3568	3700	Unicorn-43948.exe	93
PID 1936 wrote to memory of 1132	1936	Unicorn-62173.exe	94
PID 1936 wrote to memory of 1132	1936	Unicorn-62173.exe	94
PID 1936 wrote to memory of 1132	1936	Unicorn-62173.exe	94
PID 5080 wrote to memory of 2116	5080	Unicorn-39309.exe	95
PID 5080 wrote to memory of 2116	5080	Unicorn-39309.exe	95
PID 5080 wrote to memory of 2116	5080	Unicorn-39309.exe	95
PID 4032 wrote to memory of 4048	4032	Unicorn-37263.exe	96
PID 4032 wrote to memory of 4048	4032	Unicorn-37263.exe	96
PID 4032 wrote to memory of 4048	4032	Unicorn-37263.exe	96
PID 5012 wrote to memory of 3692	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	97
PID 5012 wrote to memory of 3692	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	97
PID 5012 wrote to memory of 3692	5012	057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe	97
PID 936 wrote to memory of 4792	936	Unicorn-63813.exe	98
PID 936 wrote to memory of 4792	936	Unicorn-63813.exe	98
PID 936 wrote to memory of 4792	936	Unicorn-63813.exe	98
PID 3196 wrote to memory of 1836	3196	Unicorn-44420.exe	100
PID 3196 wrote to memory of 1836	3196	Unicorn-44420.exe	100
PID 3196 wrote to memory of 1836	3196	Unicorn-44420.exe	100
PID 1400 wrote to memory of 1508	1400	Unicorn-15084.exe	99
PID 1400 wrote to memory of 1508	1400	Unicorn-15084.exe	99
PID 1400 wrote to memory of 1508	1400	Unicorn-15084.exe	99
PID 3568 wrote to memory of 4288	3568	Unicorn-32677.exe	101
PID 3568 wrote to memory of 4288	3568	Unicorn-32677.exe	101
PID 3568 wrote to memory of 4288	3568	Unicorn-32677.exe	101
PID 3700 wrote to memory of 2076	3700	Unicorn-43948.exe	102
PID 3700 wrote to memory of 2076	3700	Unicorn-43948.exe	102
PID 3700 wrote to memory of 2076	3700	Unicorn-43948.exe	102
PID 1132 wrote to memory of 5020	1132	Unicorn-10210.exe	103
PID 1132 wrote to memory of 5020	1132	Unicorn-10210.exe	103
PID 1132 wrote to memory of 5020	1132	Unicorn-10210.exe	103
PID 2116 wrote to memory of 3088	2116	Unicorn-57373.exe	104
PID 2116 wrote to memory of 3088	2116	Unicorn-57373.exe	104
PID 2116 wrote to memory of 3088	2116	Unicorn-57373.exe	104
PID 5080 wrote to memory of 4108	5080	Unicorn-39309.exe	105
PID 5080 wrote to memory of 4108	5080	Unicorn-39309.exe	105
PID 5080 wrote to memory of 4108	5080	Unicorn-39309.exe	105
PID 1936 wrote to memory of 1152	1936	Unicorn-62173.exe	106
PID 1936 wrote to memory of 1152	1936	Unicorn-62173.exe	106
PID 1936 wrote to memory of 1152	1936	Unicorn-62173.exe	106
PID 4048 wrote to memory of 2336	4048	Unicorn-41037.exe	108

C:\Users\Admin\AppData\Local\Temp\057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe
"C:\Users\Admin\AppData\Local\Temp\057a1a11e417469d4619c2e09b717ec4c99df5df38298e900975e540d470b49dN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        9⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
        10⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        10⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        9⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        9⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        8⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        8⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        8⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        8⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
        9⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        7⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        8⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        9⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        9⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        8⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        8⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        7⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        6⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        8⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        8⤵
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        8⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        7⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43667.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        7⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        6⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        6⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
        8⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        8⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
        8⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        7⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
        6⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        7⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        7⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58331.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        6⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37386.exe
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        6⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24997.exe
        5⤵
        
        PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32693.exe
        8⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        8⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        8⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        8⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        8⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        8⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        7⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50093.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61507.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
        7⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48047.exe
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56411.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        6⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47720.exe
        8⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39742.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
        7⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        6⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        6⤵
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        5⤵
        
        PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
        8⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        8⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        7⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        7⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
        7⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
        6⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        7⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        5⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        5⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        5⤵
        
        PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7226.exe
        5⤵
        
        PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        6⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        6⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        6⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        6⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        5⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        5⤵
        
        PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
      4⤵
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        5⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
        5⤵
        
        PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
      4⤵
      PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
      4⤵
      PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
      4⤵
      PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60793.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        9⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        8⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        8⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        8⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        7⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        6⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
        9⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        9⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20714.exe
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        8⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        7⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        7⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        7⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36429.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        9⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 464
        10⤵
        Program crash
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
        9⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12267.exe
        8⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        8⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        8⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45607.exe
        7⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        8⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
        8⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        7⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        7⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
        6⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        5⤵
        Executes dropped EXE
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        7⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        7⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19521.exe
        7⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42848.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2288.exe
        6⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55433.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        7⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        6⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        6⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        5⤵
        
        PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        6⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        8⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
        8⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        8⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        7⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        6⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
        8⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4958.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        7⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
        6⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
        5⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
        7⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        7⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        6⤵
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        6⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39742.exe
        6⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56971.exe
        5⤵
        
        PID:15136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        6⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        6⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        6⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        7⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
        7⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        6⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        6⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45939.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        6⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        6⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        5⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        5⤵
        
        PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        5⤵
        
        PID:10156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
      4⤵
      PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
      4⤵
      PID:6392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        6⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        8⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        7⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        7⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22147.exe
        5⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        7⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49882.exe
        6⤵
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        6⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        6⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        5⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        5⤵
        
        PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        5⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        7⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        6⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63870.exe
        6⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        5⤵
        
        PID:13728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49621.exe
        6⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        6⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
        6⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        5⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
        6⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        5⤵
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        5⤵
        
        PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        5⤵
        
        PID:15620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        5⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64109.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        7⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        6⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        6⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
        6⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
        6⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        5⤵
        
        PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29410.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
        6⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        5⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        6⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        5⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
        5⤵
        
        PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
      4⤵
      PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
      4⤵
      PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
      4⤵
      PID:14656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        6⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
        5⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        5⤵
        
        PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44067.exe
      4⤵
      PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58331.exe
      4⤵
      PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
      4⤵
      PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10875.exe
    3⤵
    PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        5⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
        5⤵
        
        PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      4⤵
      PID:9904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
      4⤵
      PID:12000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
      4⤵
      PID:15444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
      4⤵
      PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
      4⤵
      PID:12680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
    3⤵
    PID:8272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
    3⤵
    PID:15300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47249.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        9⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54592.exe
        9⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        9⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        9⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        8⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        8⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45326.exe
        8⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        8⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        8⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        8⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        7⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        7⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
        6⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        8⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        8⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15517.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        7⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        6⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        8⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        6⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        7⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        6⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
        5⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        6⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47930.exe
        5⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        6⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22185.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        9⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44242.exe
        9⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20959.exe
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        7⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7226.exe
        7⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        7⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
        6⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
        8⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
        7⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20665.exe
        7⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        7⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        6⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
        7⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        6⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        5⤵
        
        PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        5⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        7⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41766.exe
        7⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        7⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        6⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
        5⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        5⤵
        
        PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
      4⤵
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        6⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45014.exe
        5⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        5⤵
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        5⤵
        
        PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
      4⤵
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36024.exe
      4⤵
      PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
      4⤵
      PID:7904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53917.exe
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
        8⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        8⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
        7⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 220
        8⤵
        Program crash
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5338.exe
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
        6⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49621.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        6⤵
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        6⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        5⤵
        
        PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55955.exe
      4⤵
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        6⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        5⤵
        
        PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        5⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        6⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59395.exe
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        5⤵
        
        PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
      4⤵
      PID:12456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        6⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        6⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        5⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        5⤵
        
        PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20714.exe
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        5⤵
        
        PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
      4⤵
      PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
      4⤵
      PID:9708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
      4⤵
      PID:14676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        6⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        6⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
        5⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
      4⤵
      PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        5⤵
        
        PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
      4⤵
      PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
      4⤵
      PID:8836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
    3⤵
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
      4⤵
      PID:12152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
      4⤵
      PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
      4⤵
      PID:10144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
    3⤵
    PID:13620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        7⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        7⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        7⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        6⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        6⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        5⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
        7⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        6⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38853.exe
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
        7⤵
        
        PID:16336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        7⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        6⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        5⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        5⤵
        
        PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        5⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        7⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        7⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        5⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34454.exe
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
        6⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        5⤵
        
        PID:14508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        6⤵
        
        PID:16104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        6⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        5⤵
        
        PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37386.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        5⤵
        
        PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
      4⤵
      PID:13704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27021.exe
        5⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        7⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29410.exe
        6⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        6⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        5⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        5⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
      4⤵
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12864.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        6⤵
        
        PID:14900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        6⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
      4⤵
      PID:9472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
      4⤵
      PID:13176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        6⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
        6⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55692.exe
        5⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43146.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        5⤵
        
        PID:9048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        5⤵
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
      4⤵
      PID:15952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
    3⤵
    PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
      4⤵
      PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
      4⤵
      PID:15760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28135.exe
    3⤵
    PID:8532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
    3⤵
    PID:12348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
    3⤵
    PID:15928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
    3⤵
    PID:15520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        7⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        7⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
        6⤵
        
        PID:13868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        6⤵
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        6⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        5⤵
        
        PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        6⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        7⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        6⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
        6⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
        6⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
      4⤵
      PID:10768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
      4⤵
      PID:14956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
      4⤵
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59257.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        6⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        7⤵
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31005.exe
        6⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        5⤵
        
        PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        5⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        5⤵
        
        PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47471.exe
      4⤵
      PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        5⤵
        
        PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
      4⤵
      PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
      4⤵
      PID:15908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
      4⤵
      PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
    3⤵
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
      4⤵
      PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
      4⤵
      PID:14200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14200 -s 464
        5⤵
        Program crash
        
        PID:16076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
    3⤵
    PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62400.exe
      4⤵
      PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
      4⤵
      PID:5912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
    3⤵
    PID:9616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
    3⤵
    PID:14072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
    3⤵
    PID:9420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7514.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7514.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:64
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61317.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
        5⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
        6⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        5⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        5⤵
        
        PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
      4⤵
      PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
      4⤵
      PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
      4⤵
      PID:15708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
      4⤵
      PID:8792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
      4⤵
      PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
      4⤵
      PID:15840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
    3⤵
    PID:3264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56411.exe
    3⤵
    PID:13228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
    3⤵
    PID:9512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
    3⤵
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        5⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        5⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        5⤵
        
        PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58152.exe
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12741.exe
      4⤵
      PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
      4⤵
      PID:10020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
    3⤵
    PID:7408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
    3⤵
    PID:10976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
    3⤵
    PID:10624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
  2⤵
  PID:6096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
    3⤵
    PID:7844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
      4⤵
      PID:15544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
    3⤵
    PID:11060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
    3⤵
    PID:16132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
    3⤵
    PID:16348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
  2⤵
  PID:7632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
  2⤵
  PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 9220 -ip 9220
1⤵
PID:11088

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6708 -ip 6708
1⤵
PID:6832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe

Filesize
468KB

MD5
e7f1efda89567bf38f908479da0e1d13

SHA1
799b4ff7f747cddd0c171c13187f7f4689e7d2a1

SHA256
7779788be86a3530884607a4ca564d7de4042c07885a8928c312313d9854e261

SHA512
d6adea1e4e4a106731c3ca14b8976794e2dc5cd9e60f475ff2ec60d875e737f71c8c3b27ad4bcd51b1acf64025e3a5e8e1b160107a3aaa30a215910d0c9a5046

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe

Filesize
468KB

MD5
62cf70d1832eeec06775e1d9026b9449

SHA1
f5578076fb9d38501946ff9e47604869152ca9ce

SHA256
691c14d361d73fb6cff1d0511e2223a84fdc9a8aab5ca0e69be82c606515d658

SHA512
74bc37d545b283639bed98792101f7e282fc90679eb4be1b88c13c39868e7e6301409e8a5f73fa3b36d8f031c25cc82383b59c645d15be864efa4f873c3b1a92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe

Filesize
468KB

MD5
737aa26bf8780bc1bbb00707242a1599

SHA1
7f3a19fe9a022ec109fac3d23b2b7db9466a2663

SHA256
b8542e671d355e823cb41f32c7ce2f60b44db4650d3341b1bf543c05d191440d

SHA512
173c76bd8ac6b8025d309b2b6f375f9aa2a722ddf8fb10d7eb422a4bc125287b58b9bf39995809a02a83d75988b3bb6316c8a73f43d779f4b7bb1aad27c62120

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe

Filesize
468KB

MD5
2d5909465a7a3093ccdca1efe2de06ea

SHA1
db21c0574b7f960ac354d286e1925c8e3fe56199

SHA256
b857688ae3f3b230722aef19852b520cb1967fad5d0c5f13fb937c0ab78e4aa6

SHA512
1989682128c2b01c64898c03d26cb5a95de6c9f8b91264bcdd7f9d94098d65b0504ccee4fb45bb26692a1cf1820287b74668a52ae0ffe26c41fb8272e69aac1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe

Filesize
468KB

MD5
a05338697f0c419cbe477b701351be4a

SHA1
a6a5a8b9e68fd08852a42e5961ea70d0783ff4bd

SHA256
b625575c0976fdb6860fc3a40fba1077595f74beace2d59312edb6a123a90c8b

SHA512
25882a24254c27252b8bbddb2b4dea9aaef18c7e2802b4c285259ae0399e086ff6096be63921a5da6277598ca6c4bf8c83aaaa2e6807096c6e376c1eaa9447f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe

Filesize
468KB

MD5
caa299ee293e92ac142c931f7aa775f5

SHA1
00941e48c91414edf1da38f92de140c30ae680da

SHA256
e4aede4ef233d5bd598f1cb7a2f090125e973ca9b5bb8a8fca7ac2365ec68a69

SHA512
8c920a708cd8736561e5c205cd5bd11acfcc14dc433b58f21cb68577f84cb5833481f55397a74b3c46d120b81941a11d236fafac5c77c66767163f8537c0fc7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe

Filesize
468KB

MD5
0ff4df661a820c6b147bfd7981b37c10

SHA1
2d04fb11547e8232d7ae1e73afae1149e400d5d3

SHA256
426eabe9eb70f6c5548dc76fc172fcf79b20bf4a9ab6e2fcdde40e99e5df6cd4

SHA512
b06ee6c015b937a908f2ef4086a161b48b586d4a9e44f3a4f7c75cbc53cc468a7895783da601540210d3588181d3051678c8dda663088c48f7260cddf4c0b87d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe

Filesize
468KB

MD5
00bbe473b3bde49ea733eb5f1149a66f

SHA1
f67cf5528001e61b75925c229cb4f2b738aae582

SHA256
ffcfc34d9b8d3c7ef86efea526a2cbd662fcd4dc14ff3446d84575264900e8e4

SHA512
7dfc17d024ef4ddf02c320014f849e310abb5b81fa52943e8f3c1ab396e6afdecafca7130f9bbdf8b8eb5ca28abb1568e612bd916f3db0cf30ef589bc48525be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe

Filesize
468KB

MD5
4b2aa50c54b8cf2601a2daf7ddc2fb62

SHA1
a9f0a0d2323e0fb0e43b23173c0475614e17da73

SHA256
ce159bcbf960ab87b8b1d8399776aa2f5671076916c173269f664335f09cecaa

SHA512
ff2a74386a338be04fb3deb2e02078d5214e9c72b2edcf99a6769fd4f8494b9d26bb8df3ca9c4f56756207c5bb8439d2c0dc811ac90f1d47ed90dac111fb436a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe

Filesize
468KB

MD5
9cb2d0c4c9b9c8f6d3588e434e966636

SHA1
912b6b048c0a617f8388c417b54791b9b24562af

SHA256
f7a249d07474fdfcd30c69b6509e112aed8d8ffbf6500c0728685df477132839

SHA512
83126b52aa43c0e07d7186314c57eb6171d20feb0b5f80e30348cb65bcc6dac6445f25486e3ea735c42dd0839afa8ed675896ae87a06766233a5cd7eb1e4e9f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe

Filesize
468KB

MD5
dfb537fcb27965f950f719eb3ea74645

SHA1
620337799c3af9c2ab3238dee72d1da25bbe2afc

SHA256
2443fe8adc5b492c4baf93b08c71572a265c46b127c41ec4ff471f1a907514fa

SHA512
98eb53553ed735e1dd23afcf83ed1926fea111108777dda4af165cf5266a7dd24b8420eff1d814784d9ef83400a9b3b8958f97b6ac257ea6ee248390c70a565f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe

Filesize
468KB

MD5
ef6acdd6d55f685f0ca57f8a0c1e5e30

SHA1
420d86002b6664c066c1780f625bc68169c02f70

SHA256
5f1e33a7d3ca74c38c5cf28312b9d17cb66625bcb9e4e753991c25d559c2a877

SHA512
587b417edfb1832fdb431f7d5083f2e6437c55f93cb49512b4528ec927971a8291b3e724513d4cf7dd0504dc720e2e862c508c4efb6ec48fa3b40260291bcb0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe

Filesize
468KB

MD5
a20b8f22845e0e75690d3a329c0fa4e3

SHA1
1848461928e495b547550397450eb2b54d61af4a

SHA256
53ebf9be94eb3c99fc3e9a02f6b3c478e0bc5aa8a825958a24cb0746e7c9377c

SHA512
aff6660e6cde24994630d97c1d066cba714374425d0974ba54ea6746a1d8cab8ceaa215ea128c6964c5bd02be40ddfd1a80f5747629c2378b190c23f0e0e4718

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe

Filesize
468KB

MD5
7dbd07361118d4f16c360e9d28558257

SHA1
f50d80d7f8b7445f95fd60c6b25c37373c769cb3

SHA256
15beb4fef2f0f160e7cc7520b0c5c31430619ec4dac12d83eb1bf05049153d06

SHA512
d9084d6188d57d17a84d57977578b3b094d83f14122404cf0d601959e597cbf30dcb400a8a1353d44d3d33fb8c01eb37772224da6e6c597f93bf990edbb02aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe

Filesize
468KB

MD5
548c80eafeff2efdc85547bfcd4d1416

SHA1
3b6ce5ed2e732ec210cf0f6cea15243256830ad3

SHA256
551a5202eb3b0c949959ebbeb18c5d0044f0bd92cc397814b95cec8b93bffd25

SHA512
81dce89b5fe9bc669b2d472031d55da8f9fc3f44dbbd788e08dce5f15f466491cae59222304dbc284641f6745c3d00a11d958508cc0223c2339d1da6895103fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe

Filesize
468KB

MD5
80e57e04db627bfec77376079050582c

SHA1
6be68e1b674b4647d7e884bfe9a38571da1476cc

SHA256
fc684e22b5357ab3890374e00b7619ecc473ad5ace38ec70ba105fa75b18944e

SHA512
0999b6b317ac0869970c8e85d5cabf4bd25981e1ef02ec35abd62189babcc3fbbcffe8181d0c48cf2cc99dba730d9df380aef662c3177e45e95935003a7573d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe

Filesize
468KB

MD5
13c48bda7a7b98e01df0b67bd30eb609

SHA1
7ebbc8110d354058d3c54d939b4bc8fd53422245

SHA256
17bed142e8cfcf6f3f39ef3ca24d62bf3ab4f952d4a4ca2893f26bc54b2c1718

SHA512
98a35220fc33e9e83da13b046079039f37aaf4c51a9e058fcc38e979521e16a3dcf8c2e741d7d5162039f622b04294837cb3549a8f2ef4224faec7afe108eef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe

Filesize
468KB

MD5
fc597fdb642d4589b298eb9b9c65e970

SHA1
aad23c1ff0a6cdf675751274b95ce52d32cf7490

SHA256
7246acd5a9f9f60aee83c01d4a9b366e0ba9415f5c4b0f71a3ba44eb175ec35d

SHA512
ac359c9d7ba727204c8b6105fe33cf1c0b98102e15e275d397cfff495a4131b3cbade9e19402b7bf5aac59fd02375367c0e1ff2040bead1e7167f073e898a8de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe

Filesize
468KB

MD5
23568a83b539e2d7b27978e7f1148f99

SHA1
adcb956d60803c8b0f284b8da5e535fd24241cef

SHA256
617cc84ac132e54d0d8fdd34dd97c221e1c56c81f0d9532eb13ed5656a8c7ae1

SHA512
2660bccf282abc74790fd0075e9d6050229436a5a0562f7ba20fdceb718e7e3ac6516f5621fbabe6490847958350652c85ac55fab090d38c49237267632c641c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe

Filesize
468KB

MD5
11e4ab5875591e4aead7944f32a18ade

SHA1
8d8b525d1017f244c640e34f2b4f0ecbe270f84d

SHA256
ab000a7b948623b6b2cdfcb176aedfefc35aa7f2205f6a4952e5d6958f4e1f9b

SHA512
14ce20af2e200f438a25a332a1c3c595ef06398f1f4104788a0f30ec6144e75d3b50c1a8f58ee63399665ff5c542d2e0089741381db40a85ae2289a7dd8507cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe

Filesize
468KB

MD5
31b750e4a7dbf997ac42a9137e70ec6f

SHA1
23732ac8cd3104f3793b6332df32e5960228bac9

SHA256
2e523d4d161724fe4faaf345bfff060454d3563a8854c0bbc3418c845fa4f856

SHA512
e4338a61252b33be86a88a9f85319b080ff757f09d25c1f547bead865c492d8ddebbb436f30a0bffc944a62fa86608dbd9db8d9df2e41d79b18a8edc87072150

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe

Filesize
468KB

MD5
2bf075035f8e48cb7cd0b3ef98e97922

SHA1
888f3d66d716210d7eb03e2794ce25dacb81b9b3

SHA256
04dbf22c88b5588726d16c84ce7b1024742ede7d19ce817977f29abb053a793c

SHA512
299f46387673ad3a30cc113cbaa180d3b097784a880698b4aadfe710d5abb037d4831402fbc8c54d68d3e73d38a70bf94fe9f9bcc52b9cc2514990cb137c980e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe

Filesize
468KB

MD5
f51bc8a98256c7b677cfa0eebc2168eb

SHA1
17736fac80a1093166ac800971bc3c98f6ecb0ba

SHA256
97afc964c934385a7a3ef6624d8e7fa53861a87485640e7efbefe970bff096db

SHA512
ac164ee562e360e3416e7f853c5e0d9352f5d513d905ab397fc354570b57d8b7dd21a8e897d6de2a861b5693016f4fe991d47959e7bf634215ed32d2cf065b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe

Filesize
468KB

MD5
7d08c994ad4e35a54cf387b807a88013

SHA1
e9db0ff36b318a2d0f2cff3bd45eeb568e1adb77

SHA256
935c91b7e06134d3ca296f12d99b0be18a063ae55b6b2ff5fd30b012a052fc93

SHA512
21426a6ba304b257c6904036f2e06697aff3de908afc033e46807beb15f964915447d83a69bfae0714d3e249814dc6fc373bfd62a32b20985e9d25cc8c81053a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60793.exe

Filesize
468KB

MD5
6b28f42c92481176230ed38516fc3d95

SHA1
8c1b9801090c5d2a1fc00137a3b04baa727b454a

SHA256
dd934917458bb7e42b3fb849155e14763214e076c82b53c2512af50b29cb1762

SHA512
39401bec27f17d31c4ad37c76d280ccf557d30c41684e8cc288e3ecdc66392106ce3aed5b4ef5bb87696d0cc311c9a6dc22bc08ab8b621595abda90943586a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe

Filesize
468KB

MD5
906ca0583cbe0b1ad1c379885e9543a9

SHA1
1577e688da5928f7002e9c9a6013ea5501fbc00a

SHA256
54cf8b7de6abff807eb7da0a118f0102d24af55b8c8c03ca09d179af1c6b0317

SHA512
2e682931b4fc112a607abf10781df3697b7dde5479cb30ee2505ad29db7cf54de5ddaf096848c8f58704209164449b5c2dda6c4bea2e403a7f4ec7f9ccc38441

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe

Filesize
468KB

MD5
900128bb6abda08bc15fdb272732f5f2

SHA1
1d008aa28776d65f2410c5e136abeaa948025618

SHA256
0f957806c884ee5ea9fc2d0b7ba1403d298970423af13ed639fecc3dda055822

SHA512
73c3a3768772ba4800a44329d19d7bbca3acc096257ccff409c6774235e970f4c7b4c955d02f8baa09423227ca82a15488caa0ae22f526d96f07b54d986245b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe

Filesize
468KB

MD5
4b38764ba693427cbecc5012112d7eb0

SHA1
3f2b4235ce1fecdfe89a499896f4ebddfadae931

SHA256
e871e6be66feca700f0671fce225e62650d963bfbbf160d78de00b78017736fc

SHA512
9194436cd0d3b973edf2b5eee6b582839f964befa1687afe10904113cc91fadd157602ddf4f880d45d6c2d58e184a55ba3cee3b18c402fec132d3b143d491adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7514.exe

Filesize
468KB

MD5
e7caf7d7de9daf0211821fdf6f30956a

SHA1
39e3e156c1f478a7ca38756f6fba34d1598d5916

SHA256
9815c39a2953a0bedf6851f9b99611e7c4f8a23a115120637fa2b2e0caf8003b

SHA512
4453086f2c2ad156399b984b70d3f881a358bd1f423f054ecd0aa481b80f6e302ced6a9131c61fd8e27b4478b1ba49eb30d76c3e62ca6a74a952af92de61020f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe

Filesize
468KB

MD5
d5f03c892bb285558a6c5ee9f8d1f1d1

SHA1
ce6ae3352bda4d6094c33a7b5d1016c291ac04ba

SHA256
52043f346baa397354eb2cf3c61d3adae487c1481275bc0bf9102eaeabccba4e

SHA512
df0a700450b09f0e90c13995632f6a22a198712367b7dbfa0d0422360a4906472c511063e6698821dba44f0b017f8be4270540c3cea4caa72c3bef8f38e53f5b

Download Submit
memory/60-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/64-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/208-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/396-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/560-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/632-667-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/748-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/824-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/936-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1116-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1132-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1152-154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1372-664-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1400-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1472-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1552-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1756-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1788-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1804-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1836-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1840-185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2008-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-113-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2104-633-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2116-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2272-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2308-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2336-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2340-2554-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-449-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2508-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2524-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2560-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2608-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2752-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2792-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2848-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2984-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3084-643-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3088-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3196-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3200-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3216-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3312-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3360-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3452-468-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3528-630-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3568-2598-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3568-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3692-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3700-30-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3708-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3712-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3736-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3912-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3916-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3928-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4012-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4020-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4032-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4108-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4112-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4220-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4248-568-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4288-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4308-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4316-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4460-632-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4536-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4544-631-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4580-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4680-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4792-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4852-665-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4872-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4904-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4924-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5012-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5020-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5080-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5140-666-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5216-668-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5232-669-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-671-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5268-675-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5316-689-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5340-696-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5364-700-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5380-711-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16132-2533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads