8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846

Analysis

max time kernel
115s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe
Size

468KB
MD5

ea2a1b8ab597e36e6e3fc5d9cdf6d950
SHA1

fddd9a58e91845d6261399e0ff3109558bd4d13a
SHA256

8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846
SHA512

c12ae7d834cfc61f2bcbd994a321a564a0fa11ac45e71cdddebb3ceec3e223b93c130ceb4ad1b4e613ee3f6978e773414258959d4dc103e10f798c03e249f3bd
SSDEEP

3072:MTANoSCVId5UtbYRPztjIf8/SUMvPgpRV5Hewvsq+KD8ZWNCQ8lH:MTqoQbUtaPJjIflcMW+KwMNCQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2700	Unicorn-36025.exe
872	Unicorn-30161.exe
4208	Unicorn-2127.exe
3560	Unicorn-32273.exe
4372	Unicorn-47907.exe
4012	Unicorn-42147.exe
1200	Unicorn-20330.exe
4984	Unicorn-24968.exe
4128	Unicorn-40485.exe
3020	Unicorn-65446.exe
412	Unicorn-18091.exe
3624	Unicorn-64221.exe
4476	Unicorn-63282.exe
2560	Unicorn-5151.exe
4132	Unicorn-31762.exe
2968	Unicorn-41968.exe
4568	Unicorn-35846.exe
4944	Unicorn-36592.exe
1780	Unicorn-56458.exe
4744	Unicorn-15425.exe
1516	Unicorn-11076.exe
3900	Unicorn-48845.exe
1504	Unicorn-4481.exe
820	Unicorn-59804.exe
4328	Unicorn-37922.exe
4784	Unicorn-38476.exe
1568	Unicorn-8949.exe
1788	Unicorn-41814.exe
2668	Unicorn-54449.exe
1892	Unicorn-55965.exe
4020	Unicorn-51326.exe
2276	Unicorn-2125.exe
4508	Unicorn-51326.exe
2680	Unicorn-22354.exe
4796	Unicorn-22354.exe
4828	Unicorn-22354.exe
1796	Unicorn-1171.exe
1756	Unicorn-38425.exe
2284	Unicorn-10656.exe
3568	Unicorn-24391.exe
4248	Unicorn-49088.exe
4164	Unicorn-18824.exe
3552	Unicorn-35352.exe
3740	Unicorn-59878.exe
3660	Unicorn-14569.exe
2624	Unicorn-60241.exe
4344	Unicorn-34725.exe
2884	Unicorn-64922.exe
3720	Unicorn-3832.exe
1388	Unicorn-28934.exe
1588	Unicorn-43416.exe
1152	Unicorn-20382.exe
3300	Unicorn-49162.exe
5048	Unicorn-49717.exe
720	Unicorn-4045.exe
460	Unicorn-38756.exe
736	Unicorn-3853.exe
1608	Unicorn-25020.exe
5088	Unicorn-25386.exe
4492	Unicorn-49930.exe
2216	Unicorn-729.exe
4016	Unicorn-58461.exe
3732	Unicorn-41378.exe
4840	Unicorn-45654.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2532	872	WerFault.exe	93
2320	1516	WerFault.exe	117
2720	1388	WerFault.exe	148
11908	6980	WerFault.exe	267
1800	6968	WerFault.exe	266
15408	14456	WerFault.exe	770

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54201.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
18424	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3004	dwm.exe
Token: SeChangeNotifyPrivilege	3004	dwm.exe
Token: 33	3004	dwm.exe
Token: SeIncBasePriorityPrivilege	3004	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe
2700	Unicorn-36025.exe
872	Unicorn-30161.exe
4208	Unicorn-2127.exe
3560	Unicorn-32273.exe
4372	Unicorn-47907.exe
4012	Unicorn-42147.exe
4984	Unicorn-24968.exe
4128	Unicorn-40485.exe
1200	Unicorn-20330.exe
3020	Unicorn-65446.exe
412	Unicorn-18091.exe
3624	Unicorn-64221.exe
4476	Unicorn-63282.exe
2560	Unicorn-5151.exe
4132	Unicorn-31762.exe
2968	Unicorn-41968.exe
1780	Unicorn-56458.exe
4568	Unicorn-35846.exe
4944	Unicorn-36592.exe
3900	Unicorn-48845.exe
4744	Unicorn-15425.exe
1504	Unicorn-4481.exe
820	Unicorn-59804.exe
4328	Unicorn-37922.exe
4784	Unicorn-38476.exe
1568	Unicorn-8949.exe
1788	Unicorn-41814.exe
2668	Unicorn-54449.exe
1892	Unicorn-55965.exe
4020	Unicorn-51326.exe
2276	Unicorn-2125.exe
4508	Unicorn-51326.exe
1796	Unicorn-1171.exe
2284	Unicorn-10656.exe
2680	Unicorn-22354.exe
3568	Unicorn-24391.exe
1756	Unicorn-38425.exe
4796	Unicorn-22354.exe
4828	Unicorn-22354.exe
4248	Unicorn-49088.exe
4164	Unicorn-18824.exe
3552	Unicorn-35352.exe
3740	Unicorn-59878.exe
2624	Unicorn-60241.exe
4344	Unicorn-34725.exe
3660	Unicorn-14569.exe
3720	Unicorn-3832.exe
2884	Unicorn-64922.exe
1388	Unicorn-28934.exe
1588	Unicorn-43416.exe
1152	Unicorn-20382.exe
3300	Unicorn-49162.exe
5048	Unicorn-49717.exe
720	Unicorn-4045.exe
460	Unicorn-38756.exe
1608	Unicorn-25020.exe
736	Unicorn-3853.exe
5088	Unicorn-25386.exe
4492	Unicorn-49930.exe
2216	Unicorn-729.exe
4016	Unicorn-58461.exe
3732	Unicorn-41378.exe
4840	Unicorn-45654.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3812 wrote to memory of 2700	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	91
PID 3812 wrote to memory of 2700	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	91
PID 3812 wrote to memory of 2700	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	91
PID 2700 wrote to memory of 872	2700	Unicorn-36025.exe	93
PID 2700 wrote to memory of 872	2700	Unicorn-36025.exe	93
PID 2700 wrote to memory of 872	2700	Unicorn-36025.exe	93
PID 3812 wrote to memory of 4208	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	94
PID 3812 wrote to memory of 4208	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	94
PID 3812 wrote to memory of 4208	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	94
PID 4208 wrote to memory of 3560	4208	Unicorn-2127.exe	99
PID 4208 wrote to memory of 3560	4208	Unicorn-2127.exe	99
PID 4208 wrote to memory of 3560	4208	Unicorn-2127.exe	99
PID 3812 wrote to memory of 4372	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	100
PID 3812 wrote to memory of 4372	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	100
PID 3812 wrote to memory of 4372	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	100
PID 2700 wrote to memory of 4012	2700	Unicorn-36025.exe	101
PID 2700 wrote to memory of 4012	2700	Unicorn-36025.exe	101
PID 2700 wrote to memory of 4012	2700	Unicorn-36025.exe	101
PID 4372 wrote to memory of 1200	4372	Unicorn-47907.exe	103
PID 4372 wrote to memory of 1200	4372	Unicorn-47907.exe	103
PID 4372 wrote to memory of 1200	4372	Unicorn-47907.exe	103
PID 4208 wrote to memory of 4984	4208	Unicorn-2127.exe	104
PID 4208 wrote to memory of 4984	4208	Unicorn-2127.exe	104
PID 4208 wrote to memory of 4984	4208	Unicorn-2127.exe	104
PID 3812 wrote to memory of 4128	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	105
PID 3812 wrote to memory of 4128	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	105
PID 3812 wrote to memory of 4128	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	105
PID 4012 wrote to memory of 3020	4012	Unicorn-42147.exe	106
PID 4012 wrote to memory of 3020	4012	Unicorn-42147.exe	106
PID 4012 wrote to memory of 3020	4012	Unicorn-42147.exe	106
PID 2700 wrote to memory of 412	2700	Unicorn-36025.exe	107
PID 2700 wrote to memory of 412	2700	Unicorn-36025.exe	107
PID 2700 wrote to memory of 412	2700	Unicorn-36025.exe	107
PID 3560 wrote to memory of 3624	3560	Unicorn-32273.exe	108
PID 3560 wrote to memory of 3624	3560	Unicorn-32273.exe	108
PID 3560 wrote to memory of 3624	3560	Unicorn-32273.exe	108
PID 4128 wrote to memory of 4476	4128	Unicorn-40485.exe	109
PID 4128 wrote to memory of 4476	4128	Unicorn-40485.exe	109
PID 4128 wrote to memory of 4476	4128	Unicorn-40485.exe	109
PID 3812 wrote to memory of 2560	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	110
PID 3812 wrote to memory of 2560	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	110
PID 3812 wrote to memory of 2560	3812	8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe	110
PID 4984 wrote to memory of 4132	4984	Unicorn-24968.exe	111
PID 4984 wrote to memory of 4132	4984	Unicorn-24968.exe	111
PID 4984 wrote to memory of 4132	4984	Unicorn-24968.exe	111
PID 4208 wrote to memory of 2968	4208	Unicorn-2127.exe	112
PID 4208 wrote to memory of 2968	4208	Unicorn-2127.exe	112
PID 4208 wrote to memory of 2968	4208	Unicorn-2127.exe	112
PID 1200 wrote to memory of 4568	1200	Unicorn-20330.exe	113
PID 1200 wrote to memory of 4568	1200	Unicorn-20330.exe	113
PID 1200 wrote to memory of 4568	1200	Unicorn-20330.exe	113
PID 4372 wrote to memory of 4944	4372	Unicorn-47907.exe	114
PID 4372 wrote to memory of 4944	4372	Unicorn-47907.exe	114
PID 4372 wrote to memory of 4944	4372	Unicorn-47907.exe	114
PID 3020 wrote to memory of 4744	3020	Unicorn-65446.exe	116
PID 3020 wrote to memory of 4744	3020	Unicorn-65446.exe	116
PID 3020 wrote to memory of 4744	3020	Unicorn-65446.exe	116
PID 412 wrote to memory of 1780	412	Unicorn-18091.exe	115
PID 412 wrote to memory of 1780	412	Unicorn-18091.exe	115
PID 412 wrote to memory of 1780	412	Unicorn-18091.exe	115
PID 2700 wrote to memory of 1516	2700	Unicorn-36025.exe	117
PID 2700 wrote to memory of 1516	2700	Unicorn-36025.exe	117
PID 2700 wrote to memory of 1516	2700	Unicorn-36025.exe	117
PID 4012 wrote to memory of 3900	4012	Unicorn-42147.exe	118

C:\Users\Admin\AppData\Local\Temp\8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe
"C:\Users\Admin\AppData\Local\Temp\8239d0f9db013940fa02d91aef136294247a712c959654ed20b558c28f07e846N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:872
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 488
      4⤵
      Program crash
      PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59614.exe
        10⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        10⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        10⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        10⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
        9⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19004.exe
        9⤵
        
        PID:18128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51740.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        7⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        8⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        8⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22327.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        7⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        7⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        7⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        7⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        6⤵
        
        PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        8⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
        9⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46328.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        7⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        6⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        7⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        7⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        7⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64113.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        6⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        6⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46194.exe
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54113.exe
        7⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        7⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        7⤵
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        6⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17180.exe
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
        5⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        5⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        5⤵
        
        PID:9136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
        9⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        9⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        8⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        8⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        8⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        7⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        6⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        8⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8768.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        7⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15367.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        7⤵
        
        PID:18144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        6⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        6⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58461.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
        6⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
        8⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        7⤵
        
        PID:17436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        7⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        6⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57289.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        6⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        6⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        7⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 636
        7⤵
        Program crash
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        6⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        6⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        5⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        6⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        5⤵
        
        PID:18240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        5⤵
        
        PID:744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        5⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        7⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        5⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        5⤵
        
        PID:17756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
      4⤵
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        6⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        6⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
        5⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
        5⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        5⤵
        
        PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        5⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9804.exe
        5⤵
        
        PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
      4⤵
      PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
      4⤵
      PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
      4⤵
      PID:15332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
      4⤵
      PID:9320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        8⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        9⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13812.exe
        9⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        8⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        8⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        8⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        8⤵
        
        PID:18212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        8⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        8⤵
        
        PID:17152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        7⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55722.exe
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        8⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        8⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        7⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        7⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        7⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28927.exe
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        6⤵
        
        PID:11520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        5⤵
        
        PID:516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        7⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        6⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        6⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        6⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        6⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        6⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        5⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5987.exe
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe
        8⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        7⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        7⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        7⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        7⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20636.exe
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        6⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        6⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        6⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        7⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
        7⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54741.exe
        6⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        6⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23535.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        5⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        5⤵
        
        PID:8664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44760.exe
      4⤵
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        6⤵
        
        PID:17052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        6⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        5⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        5⤵
        
        PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        5⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        5⤵
        
        PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
      4⤵
      PID:13368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
      4⤵
      PID:17492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
      4⤵
      PID:7872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
    3⤵
    - Executes dropped EXE
    PID:1516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 220
      4⤵
      Program crash
      PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        6⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
      4⤵
      PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        5⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        5⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        5⤵
        
        PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
      4⤵
      PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62717.exe
      4⤵
      PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
      4⤵
      PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
      4⤵
      PID:6784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
    3⤵
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
      4⤵
      PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45932.exe
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
      4⤵
      PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
      4⤵
      PID:15324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
      4⤵
      PID:17124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27322.exe
    3⤵
    PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22322.exe
      4⤵
      PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
    3⤵
    PID:10956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
    3⤵
    PID:14072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-264.exe
    3⤵
    PID:18280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
    3⤵
    PID:7104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        9⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        9⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9299.exe
        9⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        9⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
        8⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        8⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        8⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
        8⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        8⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59965.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        7⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        7⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        7⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43084.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        8⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        8⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43437.exe
        8⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        7⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
        7⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        7⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25141.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
        8⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
        8⤵
        
        PID:18060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        7⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        7⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        6⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        7⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10835.exe
        7⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        6⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14045.exe
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        7⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        7⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        7⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        6⤵
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        6⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
        5⤵
        
        PID:9948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe
        5⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        5⤵
        
        PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34170.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        8⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        8⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        7⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        7⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        7⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
        6⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        6⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        7⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        7⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        6⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        7⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        6⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31947.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-221.exe
        6⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        6⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        6⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
        5⤵
        
        PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34170.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        7⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        6⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        6⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        6⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        5⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
        5⤵
        
        PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        6⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        5⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
      4⤵
      PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
      4⤵
      PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
      4⤵
      PID:7436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        9⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
        8⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        8⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        8⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        8⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        8⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        7⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        7⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        7⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        8⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9107.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        7⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        7⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        7⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        8⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        7⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        6⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
        6⤵
        
        PID:18180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        7⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        7⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        7⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        7⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41616.exe
        6⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49993.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        6⤵
        
        PID:17624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        5⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4049.exe
        6⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        6⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32811.exe
        5⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
        5⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        5⤵
        
        PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        8⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        8⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        7⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        7⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
        7⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        6⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
        6⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
        6⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        7⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        7⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        6⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        6⤵
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12525.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1560.exe
        6⤵
        
        PID:16296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        5⤵
        
        PID:18252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        7⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        7⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        7⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54741.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        6⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
        5⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        5⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
        5⤵
        
        PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
        6⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30392.exe
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        6⤵
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        5⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        5⤵
        
        PID:17548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        5⤵
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
      4⤵
      PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
        5⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
        5⤵
        
        PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
      4⤵
      PID:10988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
      4⤵
      PID:12384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
      4⤵
      PID:7596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
        5⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        7⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
        7⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        6⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        6⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        6⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe
        6⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
        5⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        5⤵
        
        PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
      4⤵
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2991.exe
        6⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        6⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        5⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        5⤵
        
        PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
      4⤵
      PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
      4⤵
      PID:12848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
      4⤵
      PID:17476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
      4⤵
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
        6⤵
        
        PID:18020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        5⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        5⤵
        
        PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        5⤵
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
      4⤵
      PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
      4⤵
      PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
      4⤵
      PID:9684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
    3⤵
    PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10391.exe
        5⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        5⤵
        
        PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
      4⤵
      PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
      4⤵
      PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
    3⤵
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
      4⤵
      PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47689.exe
      4⤵
      PID:11956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
    3⤵
    PID:10156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
    3⤵
    PID:14300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        6⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        8⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9299.exe
        8⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        8⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        7⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        7⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        7⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        6⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
        6⤵
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        7⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        6⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
        7⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        6⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        6⤵
        
        PID:384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42743.exe
        5⤵
        
        PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        5⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        6⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        7⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        7⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        6⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        6⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        6⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        6⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        6⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59820.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11404.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10583.exe
        5⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        6⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45217.exe
        7⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        6⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        5⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        5⤵
        
        PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
        5⤵
        
        PID:16360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
      4⤵
      PID:9544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
      4⤵
      PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
      4⤵
      PID:17592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
      4⤵
      PID:8720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36592.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        5⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25686.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        7⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        6⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
        6⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
        6⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6521.exe
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        6⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        5⤵
        
        PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        5⤵
        
        PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
      4⤵
      PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11113.exe
      4⤵
      PID:16440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
      4⤵
      PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
      4⤵
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
        6⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59965.exe
        6⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        5⤵
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        5⤵
        
        PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-532.exe
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        5⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        5⤵
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
      4⤵
      PID:9904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
      4⤵
      PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6824.exe
      4⤵
      PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
      4⤵
      PID:8412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        5⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        5⤵
        
        PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
      4⤵
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
      4⤵
      PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe
      4⤵
      PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
      4⤵
      PID:10184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
    3⤵
    PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
      4⤵
      PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
      4⤵
      PID:5200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
    3⤵
    PID:10612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
    3⤵
    PID:13808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        8⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        8⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        8⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        7⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54201.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        7⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        7⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        6⤵
        
        PID:18384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
        6⤵
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29334.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        7⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        7⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
        6⤵
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
        6⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
        6⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        6⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        5⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        5⤵
        
        PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        7⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59873.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        6⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        6⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        6⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        5⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
        5⤵
        
        PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        6⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        6⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        6⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        5⤵
        
        PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
      4⤵
      PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        5⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64560.exe
      4⤵
      PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
      4⤵
      PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
      4⤵
      PID:17464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 488
        5⤵
        Program crash
        
        PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        6⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
        6⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        6⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        6⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        5⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        5⤵
        
        PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        5⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9107.exe
        5⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        5⤵
        
        PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
      4⤵
      PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
      4⤵
      PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
      4⤵
      PID:7536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43416.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
      4⤵
      PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        6⤵
        
        PID:18428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45788.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        5⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        5⤵
        
        PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
      4⤵
      PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
      4⤵
      PID:10576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
      4⤵
      PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
      4⤵
      PID:6712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        5⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
        5⤵
        
        PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
      4⤵
      PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
      4⤵
      PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
      4⤵
      PID:18104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
    3⤵
    PID:7772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
    3⤵
    PID:10916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
    3⤵
    PID:15388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
    3⤵
    PID:8424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20382.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        7⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40480.exe
        7⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        6⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41616.exe
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        6⤵
        
        PID:17604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23977.exe
        6⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
        5⤵
        
        PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe
      4⤵
      PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25141.exe
      4⤵
      PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
      4⤵
      PID:6532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49717.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe
        6⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        5⤵
        
        PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
      4⤵
      PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
      4⤵
      PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
      4⤵
      PID:9484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
    3⤵
    PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
        5⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        5⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        5⤵
        
        PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
      4⤵
      PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
      4⤵
      PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
      4⤵
      PID:6224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
    3⤵
    PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
      4⤵
      PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
      4⤵
      PID:6012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
    3⤵
    PID:15504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54449.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54449.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
        6⤵
        
        PID:8588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 660
        6⤵
        Program crash
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
        5⤵
        
        PID:13668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        5⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10267.exe
        5⤵
        
        PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
      4⤵
      PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
      4⤵
      PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22399.exe
      4⤵
      PID:18264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
    3⤵
    PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
      4⤵
      PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
        5⤵
        
        PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
      4⤵
      PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
      4⤵
      PID:11108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
    3⤵
    PID:7616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
    3⤵
    PID:12068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
    3⤵
    PID:14456
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 14456 -s 220
      4⤵
      Program crash
      PID:15408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
    3⤵
    PID:6604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25386.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25386.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
    3⤵
    PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        5⤵
        
        PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
      4⤵
      PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
      4⤵
      PID:1244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
    3⤵
    PID:8096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
    3⤵
    PID:10996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
    3⤵
    PID:14940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
    3⤵
    PID:4892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
  2⤵
  PID:6088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
    3⤵
    PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
      4⤵
      PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
      4⤵
      PID:12500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
      4⤵
      PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
      4⤵
      PID:9556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
    3⤵
    PID:9968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
    3⤵
    PID:14144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
    3⤵
    PID:17176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
    3⤵
    PID:8288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36828.exe
  2⤵
  PID:7944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
  2⤵
  PID:9528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48249.exe
  2⤵
  PID:14592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
  2⤵
  PID:18112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
  2⤵
  PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 872 -ip 872
1⤵
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1516 -ip 1516
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1388 -ip 1388
1⤵
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6980 -ip 6980
1⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6968 -ip 6968
1⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 14456 -ip 14456
1⤵
PID:14960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:18424

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe

Filesize
468KB

MD5
6f94fdad587b97ceb1afe27c5a1fcdec

SHA1
cc1cea350e502e3fef7b10cd95b8f250c54cb858

SHA256
cf6eb9d7e735634796b4a153fb913facd387696f8648b6f1086106f758b02603

SHA512
acc86ba945977ae7de0e7481624ce8c26c937c513f75555240ca8942cb2cf694fa7b9f91134e4aec1dca1ed0415ebb5e469bdb80144d9fa9ab9d3ac8276b7431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe

Filesize
468KB

MD5
0cde6ae9a8b223b26fdcdd59673f0b5e

SHA1
6440e24f0b2e1c086da077adbd2424b84a3746cf

SHA256
21c5f214b2aa95b46d7d12e62f80719e82fe842bd2961243e6839e9454197e65

SHA512
c82ff9f768500f823799843c115dd778fee5a7655b476fb450e40ce86348438ff88321066c6e1c791d124143124b302b8f788024c765732673ab5f2280a79e4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe

Filesize
468KB

MD5
cf060d406c6f95e2f9ca2df50705c0c4

SHA1
eaf32e23b6e9f28b511934fc15c75fd8b85ad655

SHA256
7ea312754097d4edbfd3c257cd3760d30510e4ebbbedd148c5ce9af8950adb0f

SHA512
b1886b7831298cd93ee5a2d52d47d2ad478fa26979a19edbc7a444d10a48cada759ee2e8dbcf9ac93e9eec10cda196244a449a678205ddb92b6f076c766df544

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe

Filesize
468KB

MD5
283619be3267f3aa05913ee8116a6ab3

SHA1
814fb79475677f6cb142521c360b084f8cfc0bc3

SHA256
2d502839183bc22d2ffce2d35cd31c8a7fff0180a02e730b4d5df9ee09bbde55

SHA512
b25c8281056b73a154042fd762d0f951930aac870b1e0b009fbf5a726b755c18e24e819eda6015af69dd381084b7fddce0a59d5bf337748adcba4e6a8c390ff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe

Filesize
468KB

MD5
0e80f43ea751612eaf9481627946e0ae

SHA1
781044af5ad92e74034944fcb85fba76181f40b1

SHA256
04cb746d015db14ce7b7947dba31ba711295a43e4a3e1c2b5099c18de7cd5742

SHA512
68c3175cb4f707c7c6988c704c7fc46fc78790f208f27fb3bf0428dbc9fbe7ab176c5dee1dfd39b8af224cdc63f23da7eb13bcb303bd9a5b750be689501805f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2125.exe

Filesize
468KB

MD5
451103afa09dc01c87b5c2bb80d4570a

SHA1
0e70787edb62c0287a9615ea5d1ef223a7acf6d5

SHA256
d06b2ea809ca1cfe584b873c0d98eb7265708c0b9885ece33c495635ca4db593

SHA512
8de0bc0d95eedb35f36496bedc1e2ba34d8fca3c6a707231cb51ca7708a33e17987c4e3fe9da259d5a575a56876e056d16f8545d6f7877fdb62424b648de6dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe

Filesize
468KB

MD5
154f83b84a219b68a023432e7df37416

SHA1
9fe9ae8926418a14cb22adf851c973ad2bad9a40

SHA256
b02774189fb431f8f0ce7f95c9a2419af57b41b2aad5792edb01e9503fd967de

SHA512
3f9cbe63dc533c4966b11459a1e4391334edf830bae15d9cb12136892ebd4507addddcecdc4277eb2ba18ec7af5a01ec31eac421878042609913971cab991605

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe

Filesize
468KB

MD5
61100731ffb47d7cfff8370c2f6534a0

SHA1
1552698911f219cf269ee17b1b6db6618ea4267a

SHA256
27bc9444d3ceffb22c896537908af405ff9c257d1edee8af210f974d38be23c4

SHA512
0e772d2dc8c0cd403c0de4ac50df6c87c16597ea236b03c3dfc2685ac288ae29581beffbec208910b761c0d726d839b7f7a25430c40080f7ec0852a2497a4ffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe

Filesize
468KB

MD5
e0bdc8af137d2d13d742de9e8e34cb26

SHA1
4a2d90f76c04f07f56073f572a8ba20e183baa54

SHA256
8d8ae475945e0ad4f1e35e81499ffefb8f7c3913031b6d7f9836d71d6a28a471

SHA512
5f5356b8a5e2cb68d6e7142bf5664dccbecc9103a43f0967b4041d1ea45166efb0c4f44377f29ed969263a98fc689ccf24d9b3c338cf0ce86cf68f9f6778e4ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe

Filesize
468KB

MD5
d848c97a0ddc5a0ec9013ac06f044414

SHA1
3a5aa67f688c6f08bd2ea8e486b2ecb917888e17

SHA256
2fa699a49d7f5b15a828435d2729d5d62cc941d9f1240e815bf3035888be0782

SHA512
9cb2576f1f14102479bf5204cf9f4f933fe04e429ea69fbe09d915ea12a219cd35bb08435dd5858b8a5ae8a2f61480a716bfc6e79cb26fdb495de5eae64e5167

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe

Filesize
468KB

MD5
d7ed25f6b3dff588363aedf129f064e4

SHA1
c86ca127cd8b6739a325aedd7731e2340a72dbfe

SHA256
e14872c30959245ac31a5bd160602ade4cfa76d9976265f4708f5504b329559b

SHA512
ceef97c751134b5d6fd5177268d4a4a09874d96f8cdf107a65aae980583a4b8a22e9effdcb5553c03ae35ffe4d9b90ab81b678dd90c3ac6a2b5e21dcd6560dee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe

Filesize
468KB

MD5
32981f310b681b9006a709591d9eac75

SHA1
7ecc4d95a41c628e495a0ea66fde1c46fc799f6f

SHA256
49ceb1ca3089b84fd14b104690cbef73f70859c87d683025126871817659ed10

SHA512
4e94579a19fcf768f600841e3017ba1da4abd1814bf65707c89adfcaaa58b77266559a6dd645b4e5649d49c08fd7af754acf2285b9233a583a12b045c82150a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe

Filesize
468KB

MD5
b8898c98039f7a8e2c8d3826e120b98b

SHA1
e152fca3d9197742102beb9592f9670949609321

SHA256
177f11cc96279fcdf789739c9d60287c64165837e301493c737ee7aaf926ec4b

SHA512
4c1047049c4465359c6d866a5ef75f26fb1e9e9ad64345282e0598f86920b0a8ab814f6fb2489769851fb3b0d7227d74d6c3eaca793be1cd6a83bd68c9376d27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36592.exe

Filesize
468KB

MD5
77525c4dd0b117b30bed9c7cae47d5b6

SHA1
3a3219f87adad516b6f8f2b20febf35ef651adaf

SHA256
34010924cdd2ae7edb41688ac3d7b5848b945e9dd3cc32e1da080c404d853ce2

SHA512
f28d3da02d2b87a4b1b0771beb5ff278683bada7da9ce9e925f5b4d08137e3180cb0cca20ea87147b271a399783a67fbfc51267b293469d08bd1d3ceec88fc73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe

Filesize
468KB

MD5
df48b323019c26d0be78306c0dae989a

SHA1
67f8db64a8a70238059dd0acc61379b54c570c1d

SHA256
4dadf3daeb5ef3bf95944c36dc0edffc182c02d4bb8353bb05d8783edb6b63d7

SHA512
ee7a60d08be6eebbb040f4c4ba0269ac5f54fdf568229972376d0ecdd0851cc5863cf8aa46388ae6cd46f2a730b49d32ee0f2b2e947b825fce7123df2c756433

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe

Filesize
468KB

MD5
b406779787423a5493080ef676da55a2

SHA1
45c4ccdcd285b0eab44007d2695029e31bff891f

SHA256
345e9a69f528d30104db9e9933a3e91a454a330ba9749a368da8f84d662fa972

SHA512
ac960e82b149a558b6ff1e04e051aba8b59f065b6145aea4fef90bd7de45ce115fed4377505395301768ef7e0aa19eae9daf9145f8df5a55d04ec61d242e5961

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe

Filesize
468KB

MD5
7f6d5b604721d9291a7e77b4b56eaa9e

SHA1
74dc6897c5f223e8354d3e6552c0e5095f260fd9

SHA256
f3ac7ce9f7e10f6a0421357346d3f59fdc9cc9ff1eb07358b2726335647ca29f

SHA512
6dfa4cd3377c5665ab0d1e0d974d6cfd18cad17a8137d5ebfa6a835b53de65045e02ed5e6e26ea056b2b1b0a3f7bd1b3a332f419045d55cb7cba0fdbb239096f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe

Filesize
468KB

MD5
88e2b18e948eb18021bb53590da46747

SHA1
6c504845bda96dc88f997bfbd9ce269444d5ca91

SHA256
eeea71a6499de7e8195b1c91f497e07986022465d0cc032c3ad0a3485578bc67

SHA512
7ad9a6414c6c98806e1b6ebf9c07becade4170a92c723524c91264c4bf7ad075887199382de83923cd3a0d539fd2f13c0763bd96f0f997a7362ed21ceb9f2503

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe

Filesize
468KB

MD5
d08781736630ef796033ead66f52cb7f

SHA1
4e83771e98e4edf96bb475fdbff590ba0e8f6c41

SHA256
11d08c8b927f3a2fe3fb1151fce85217a0f93c6657e3befc97f866d7a18df98d

SHA512
855b994eb163c0a689b14b1cd2b8f11ab17622249ce45b3490d30abeae550bf7c2e78c1a73b3a0c35409d349284b1352b86c78428abe27867aa5b829a8b0b132

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe

Filesize
468KB

MD5
86a35650cfb1e4dcd413d2f33a0fd2ab

SHA1
590bb57adb834ad9720fac9c4253b370b2ac1d34

SHA256
31a17545077710f4a500dd12bde5be37d6d084e1fd1bf371afd0f67ab596cf4d

SHA512
ffda90e4b90cd6cbd84495dfad1fb8ae43aa5d9e3c82c8da654ac19b84c8b78f4f09424b65accb53b8a59fd68406ce1359f2088f7fe8965cf2a24917204f7328

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe

Filesize
468KB

MD5
edd72b7fb6a35da9a3531d0cd346a9c9

SHA1
6fe0521657c03b768264a1f939b6bfecdc63ee6b

SHA256
96979ccca74cbf67d8b762840be93b86e47c7421abf7d8efa1e8c0ddeafbe33a

SHA512
43074380f6ac9b2c77402e5ba159865414fbe47bf09f33b60a43fb5b8d7169f5547f47312e6e943dc8c4779cf034ce2d0d7a0d3e8236123e65bbb9186dfae13d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe

Filesize
468KB

MD5
d1fd89a411c26c22e16e8d8595cbf783

SHA1
5019c7262c56816fffc2caef5ba8fef5d0442d4b

SHA256
45ec843b30ad22b510513e276f899e85613b29f215276bd79eec28e7758583fc

SHA512
cdcf73cbaa051e3547f8688898d443e3d5315d3fa9e029cd0e048aa9c0bc036f127439bfdc7b0ad81d67a295908d570027a90b92544feaf56088e5ce1b0eca2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe

Filesize
468KB

MD5
eb9f916d6c22214e9e0dcabfa3a9c760

SHA1
8beab37c16ef39731bf5c28d160af5960c111a91

SHA256
ecb8cdc3386876b4e6a3a423c4b0d57622140f600afce9e8f95d8cf41422c43c

SHA512
94e699e8533340b3f53e39e262d50df28f3ac7b3043f6b7653097229e1e82e134eeceb2a6dcf82797b76b12fdcc10087455408459e1ae056bc869d2fbcbf3fda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe

Filesize
468KB

MD5
46ee344e5b7f3c36ac43e449e502c24c

SHA1
7e9138ad614e03c37e6d3418f318e284e90d24d6

SHA256
f5c0e2fe8fc61176255390bc4700eb036ec607fbc43b84b3ea6ad4591f7d3101

SHA512
748524ff169d5e1353a133efc23e978c7af4324a03cc54a7cfd11b0be9af806344e11b7ff63da0da725a47248a2676aff0c7a90b60e619be9107b6b1bdae4a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe

Filesize
468KB

MD5
f384c89efbd5c9d2a8af0eedb39013df

SHA1
6daf356276158b99945155b5ca25c5ab58676f12

SHA256
9c39855da96f5ffb833cea89bb3900d8669bc0d75aa91d1c2617e406f7a54e1a

SHA512
7cd4f82a60fe69ffb3722c8a1fbbef784526f392abf3764422023660a81699f7f835e98cc310c22146901b3de3526fd3872cf9737d43a68ae822a29037dd45ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe

Filesize
468KB

MD5
caddd31b719f8e11ad91bdf3b460bf72

SHA1
ef2e6fb4d83837304ba281ac38925723aa052e46

SHA256
708fc54f025304e23b66cd68412d1388254ff0143a045925f536de20304617d3

SHA512
a2377fb873516d9619a7e756ffee5e8a774ffde747fe2d3e7fcede49e8f4d3608081704d317189d1e79923ba02741eeec0c8a1191dd98725e2f5b6fe71add138

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54449.exe

Filesize
468KB

MD5
66c195e2d22c0d64c05c987a625136eb

SHA1
5e8f36675b2f128729f01c5273a3983434e7a4fe

SHA256
9a77bd499b7bb50ac60eb25e694b161f2bdbcead3394852de75379b229cc59b6

SHA512
e386a6aa7ee280289113e46c83bfbf80cb0c2e4e62568273c286539a4dddb8a034ab24a850278f86efc245200e8c8ceb895339fab5298cfe4fce9e3935a19797

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe

Filesize
468KB

MD5
e3009b19e281c887f06312adf3108720

SHA1
ae9d8ae5faa71112b5135f84060b57faec6d69d9

SHA256
576b9d53184b325a362c3a76c6c6505992649542c165d33f5a3ac14712674395

SHA512
4cd5630b815f198b0c258f80c2ce357b81b903bcf37a8e5bf34f23e694399b58b496c1643beec5027b9c6f4fb31b617c2ffcddbec6e10c2a2498329a4e1b5e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe

Filesize
468KB

MD5
2472a4e01b879b6ae5999351c78fde8a

SHA1
84da28df080bfeb808f09d5d26058d2901189c61

SHA256
7dcf16a7e801fb064090c615d0f60abad3d7789c2a1e6fabaf9eef5160e58ecd

SHA512
d47c6ebb781692a43b10aa36e32e10a6710caf6592a3a0cd4d40e9e2cee1998611a34127cd9df529f239fcbc87a0d8f73fc6ceea3c81fe2ee3a1fac1558ac5f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exe

Filesize
468KB

MD5
5af22ecb8affd58600cdcaeaab54a057

SHA1
c2ab5965818a7103c7886ed9ba080b9603eef052

SHA256
4b35aba004c2fe77cbb188d78b23efe1893f3300ed3d3e88d109c1a0e4bdcc9d

SHA512
d8f8307ca37701e9e060380c037d00b5b45d878b8dec2d5b8202bb55737ac11debe917d78dbfafabc3f70805055270b90974806a9545273c3f4992d2995ada20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe

Filesize
468KB

MD5
b5bc456ba80c06b716c2ad7e9111dd96

SHA1
8cbd91913fa3d2aaa0cf09de8dd1ad551ce30aa9

SHA256
49f31f8e5f550a3631fc78b09fdd965d39b6738d314325032d3ea1b7bad4023d

SHA512
c8b4de14ef1a52163055a6649f9fdfa7a8be570927ac88edd726faf32042570d7400687e09bc2d7b308fd0e765ed848205c132da196dc247621b04acfab0eaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe

Filesize
468KB

MD5
fbdb81207b3b9f494cfa09cb456e9394

SHA1
b3f31790b83885e8be60c12490aa43da080ecd7c

SHA256
4e7adba9d614205b1e29a4e16913712ce558eb263fc15ac27e34eae35fff9126

SHA512
379bd947a6737c4eb09beca5c2ef3208ec0435f993bbd4eba9957d2106c64dfed1e61ae5974d663ba3c64961c32181657201cebae9ee0151c3f40a6026893e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe

Filesize
468KB

MD5
42d09cfe187b6479a15cae12d3fce6f2

SHA1
b1080beeb361179e1c7de64ba89687f7c91f579b

SHA256
48610041242bd62964e723b9a408e9c13ba515eb8163b46bcae68a903b84af16

SHA512
f316b8c9e9997c90714eb5dee63ddeb0aebe461d70cef24e9b1a50c625cf861fe44e25caaf48521a617f4ca5b42c3ccf0d577dd7fbeb6cc0457fb789ad6c2714

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe

Filesize
468KB

MD5
19451da280e9887b2ec5be903d87195e

SHA1
e0594823eabcb056e54ef81407d412c1d34e33a9

SHA256
e262688f62b7c6685e438f4067e891d6a2b757e02de3f6ac87f6631b93520e06

SHA512
1e38d9ebc0853b810743a4307b01e9761a37b2cb83e6f3646807400eba42d849f84986e939b145fd58d1b873e6813d574f602ba3f1c093771282f526506c9c29

Download Submit
memory/17584-2788-0x0000000076150000-0x0000000076174000-memory.dmp

Filesize
144KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads