0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0

Analysis

max time kernel
115s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe
Size

468KB
MD5

520f97a3f7fa59a4eac67ad7d1b6b3a0
SHA1

bda000279a7cfb2ed23b8143cf9e2ca95c9363f5
SHA256

0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0
SHA512

217265cc95134b30b06b06bbc8a52e7c7175ab7698787ef89e4bb31b7c47b92a0a45a09f66e1351c1c6deb4433218349aafdfe5ee6b25e0c8671d501d750473b
SSDEEP

3072:MTANoSCVId5UQbYxPztjcf8/SChMPgpwVmHeevU3zKB8LVyCwZKV:MTqoQbUQSPJjcfzcQVzKORyCw

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1472	Unicorn-53806.exe
4644	Unicorn-36998.exe
976	Unicorn-33468.exe
880	Unicorn-9125.exe
1060	Unicorn-9125.exe
4968	Unicorn-30100.exe
3712	Unicorn-43836.exe
3912	Unicorn-58007.exe
3724	Unicorn-61022.exe
4744	Unicorn-20845.exe
2820	Unicorn-40711.exe
4472	Unicorn-20845.exe
1068	Unicorn-19222.exe
4516	Unicorn-29427.exe
4288	Unicorn-35293.exe
4184	Unicorn-2989.exe
4300	Unicorn-37861.exe
4632	Unicorn-63046.exe
1748	Unicorn-52941.exe
3392	Unicorn-12885.exe
3736	Unicorn-12885.exe
3144	Unicorn-50711.exe
4948	Unicorn-29222.exe
776	Unicorn-33860.exe
4760	Unicorn-34494.exe
4912	Unicorn-28628.exe
4788	Unicorn-25828.exe
2912	Unicorn-14893.exe
2328	Unicorn-34759.exe
4092	Unicorn-53254.exe
2480	Unicorn-5677.exe
4480	Unicorn-52159.exe
4032	Unicorn-21332.exe
3404	Unicorn-64996.exe
1032	Unicorn-51261.exe
1392	Unicorn-62766.exe
3016	Unicorn-29191.exe
4492	Unicorn-45205.exe
4964	Unicorn-64805.exe
4404	Unicorn-42812.exe
216	Unicorn-62678.exe
2384	Unicorn-62678.exe
1868	Unicorn-13477.exe
3532	Unicorn-13477.exe
4716	Unicorn-43135.exe
4988	Unicorn-43135.exe
4956	Unicorn-46150.exe
1312	Unicorn-14141.exe
2544	Unicorn-41660.exe
1940	Unicorn-52596.exe
2616	Unicorn-52397.exe
1000	Unicorn-12060.exe
3652	Unicorn-6195.exe
2024	Unicorn-6195.exe
4708	Unicorn-57997.exe
3056	Unicorn-57997.exe
4040	Unicorn-58084.exe
1856	Unicorn-64214.exe
3488	Unicorn-44671.exe
1400	Unicorn-62989.exe
4660	Unicorn-43388.exe
4112	Unicorn-63254.exe
4784	Unicorn-15677.exe
3860	Unicorn-15205.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
320	4948	WerFault.exe	121
5728	3016	WerFault.exe	135
8020	3996	WerFault.exe	220
7980	4316	WerFault.exe	172
5252	5500	WerFault.exe	226
11528	5564	WerFault.exe	225
18032	16084	WerFault.exe	808

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6274.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3800	dwm.exe
Token: SeChangeNotifyPrivilege	3800	dwm.exe
Token: 33	3800	dwm.exe
Token: SeIncBasePriorityPrivilege	3800	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe
1472	Unicorn-53806.exe
4644	Unicorn-36998.exe
976	Unicorn-33468.exe
880	Unicorn-9125.exe
1060	Unicorn-9125.exe
3712	Unicorn-43836.exe
4968	Unicorn-30100.exe
3912	Unicorn-58007.exe
4744	Unicorn-20845.exe
1068	Unicorn-19222.exe
2820	Unicorn-40711.exe
4472	Unicorn-20845.exe
3724	Unicorn-61022.exe
4516	Unicorn-29427.exe
4288	Unicorn-35293.exe
4184	Unicorn-2989.exe
4300	Unicorn-37861.exe
4632	Unicorn-63046.exe
1748	Unicorn-52941.exe
3736	Unicorn-12885.exe
4948	Unicorn-29222.exe
3144	Unicorn-50711.exe
3392	Unicorn-12885.exe
4788	Unicorn-25828.exe
2912	Unicorn-14893.exe
776	Unicorn-33860.exe
4760	Unicorn-34494.exe
2328	Unicorn-34759.exe
4912	Unicorn-28628.exe
4092	Unicorn-53254.exe
2480	Unicorn-5677.exe
4032	Unicorn-21332.exe
4480	Unicorn-52159.exe
1032	Unicorn-51261.exe
3404	Unicorn-64996.exe
1392	Unicorn-62766.exe
3016	Unicorn-29191.exe
4964	Unicorn-64805.exe
4492	Unicorn-45205.exe
4404	Unicorn-42812.exe
216	Unicorn-62678.exe
2384	Unicorn-62678.exe
3532	Unicorn-13477.exe
4956	Unicorn-46150.exe
1868	Unicorn-13477.exe
4716	Unicorn-43135.exe
1312	Unicorn-14141.exe
4988	Unicorn-43135.exe
2544	Unicorn-41660.exe
1940	Unicorn-52596.exe
2024	Unicorn-6195.exe
1000	Unicorn-12060.exe
3652	Unicorn-6195.exe
3056	Unicorn-57997.exe
4708	Unicorn-57997.exe
2616	Unicorn-52397.exe
4040	Unicorn-58084.exe
1400	Unicorn-62989.exe
1856	Unicorn-64214.exe
3488	Unicorn-44671.exe
4784	Unicorn-15677.exe
3860	Unicorn-15205.exe
4112	Unicorn-63254.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 1472	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	89
PID 1260 wrote to memory of 1472	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	89
PID 1260 wrote to memory of 1472	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	89
PID 1472 wrote to memory of 4644	1472	Unicorn-53806.exe	94
PID 1472 wrote to memory of 4644	1472	Unicorn-53806.exe	94
PID 1472 wrote to memory of 4644	1472	Unicorn-53806.exe	94
PID 1260 wrote to memory of 976	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	95
PID 1260 wrote to memory of 976	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	95
PID 1260 wrote to memory of 976	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	95
PID 976 wrote to memory of 1060	976	Unicorn-33468.exe	99
PID 976 wrote to memory of 1060	976	Unicorn-33468.exe	99
PID 976 wrote to memory of 1060	976	Unicorn-33468.exe	99
PID 4644 wrote to memory of 880	4644	Unicorn-36998.exe	100
PID 4644 wrote to memory of 880	4644	Unicorn-36998.exe	100
PID 4644 wrote to memory of 880	4644	Unicorn-36998.exe	100
PID 1472 wrote to memory of 4968	1472	Unicorn-53806.exe	102
PID 1472 wrote to memory of 4968	1472	Unicorn-53806.exe	102
PID 1472 wrote to memory of 4968	1472	Unicorn-53806.exe	102
PID 1260 wrote to memory of 3712	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	101
PID 1260 wrote to memory of 3712	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	101
PID 1260 wrote to memory of 3712	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	101
PID 1060 wrote to memory of 3912	1060	Unicorn-9125.exe	106
PID 1060 wrote to memory of 3912	1060	Unicorn-9125.exe	106
PID 1060 wrote to memory of 3912	1060	Unicorn-9125.exe	106
PID 880 wrote to memory of 3724	880	Unicorn-9125.exe	107
PID 880 wrote to memory of 3724	880	Unicorn-9125.exe	107
PID 880 wrote to memory of 3724	880	Unicorn-9125.exe	107
PID 976 wrote to memory of 4744	976	Unicorn-33468.exe	108
PID 976 wrote to memory of 4744	976	Unicorn-33468.exe	108
PID 976 wrote to memory of 4744	976	Unicorn-33468.exe	108
PID 4644 wrote to memory of 4472	4644	Unicorn-36998.exe	110
PID 4644 wrote to memory of 4472	4644	Unicorn-36998.exe	110
PID 4644 wrote to memory of 4472	4644	Unicorn-36998.exe	110
PID 3712 wrote to memory of 2820	3712	Unicorn-43836.exe	109
PID 3712 wrote to memory of 2820	3712	Unicorn-43836.exe	109
PID 3712 wrote to memory of 2820	3712	Unicorn-43836.exe	109
PID 4968 wrote to memory of 1068	4968	Unicorn-30100.exe	111
PID 4968 wrote to memory of 1068	4968	Unicorn-30100.exe	111
PID 4968 wrote to memory of 1068	4968	Unicorn-30100.exe	111
PID 1472 wrote to memory of 4516	1472	Unicorn-53806.exe	112
PID 1472 wrote to memory of 4516	1472	Unicorn-53806.exe	112
PID 1472 wrote to memory of 4516	1472	Unicorn-53806.exe	112
PID 1260 wrote to memory of 4288	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	113
PID 1260 wrote to memory of 4288	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	113
PID 1260 wrote to memory of 4288	1260	0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe	113
PID 3912 wrote to memory of 4184	3912	Unicorn-58007.exe	114
PID 3912 wrote to memory of 4184	3912	Unicorn-58007.exe	114
PID 3912 wrote to memory of 4184	3912	Unicorn-58007.exe	114
PID 1060 wrote to memory of 4300	1060	Unicorn-9125.exe	115
PID 1060 wrote to memory of 4300	1060	Unicorn-9125.exe	115
PID 1060 wrote to memory of 4300	1060	Unicorn-9125.exe	115
PID 4744 wrote to memory of 4632	4744	Unicorn-20845.exe	116
PID 4744 wrote to memory of 4632	4744	Unicorn-20845.exe	116
PID 4744 wrote to memory of 4632	4744	Unicorn-20845.exe	116
PID 976 wrote to memory of 1748	976	Unicorn-33468.exe	117
PID 976 wrote to memory of 1748	976	Unicorn-33468.exe	117
PID 976 wrote to memory of 1748	976	Unicorn-33468.exe	117
PID 2820 wrote to memory of 3736	2820	Unicorn-40711.exe	119
PID 4472 wrote to memory of 3392	4472	Unicorn-20845.exe	118
PID 4472 wrote to memory of 3392	4472	Unicorn-20845.exe	118
PID 4472 wrote to memory of 3392	4472	Unicorn-20845.exe	118
PID 2820 wrote to memory of 3736	2820	Unicorn-40711.exe	119
PID 2820 wrote to memory of 3736	2820	Unicorn-40711.exe	119
PID 1068 wrote to memory of 3144	1068	Unicorn-19222.exe	120

C:\Users\Admin\AppData\Local\Temp\0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe
"C:\Users\Admin\AppData\Local\Temp\0763ef18bec627798d8271584ff4a63d7d844326c09395ddb3f2a7677002aee0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53806.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53806.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        9⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 724
        9⤵
        Program crash
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        8⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        8⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
        8⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        8⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
        8⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        7⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        7⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        7⤵
        
        PID:18140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        7⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        6⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        7⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
        9⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        9⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        9⤵
        
        PID:17780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
        8⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        7⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        7⤵
        
        PID:17816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40566.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        7⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8989.exe
        6⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        6⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
        6⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15558.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        9⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        9⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52543.exe
        9⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
        8⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        8⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
        7⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1996.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe
        7⤵
        
        PID:17160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        7⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        7⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        7⤵
        
        PID:17748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        6⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58947.exe
        6⤵
        
        PID:18524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        5⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        8⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        8⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        7⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        6⤵
        
        PID:11728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12277.exe
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        6⤵
        
        PID:17548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        6⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        5⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        5⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
        5⤵
        
        PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        8⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
        9⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        9⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
        9⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
        9⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        8⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        8⤵
        
        PID:18116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        8⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        7⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
        7⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        7⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        8⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        8⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3668.exe
        7⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        7⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        7⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        7⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        7⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39205.exe
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        6⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        8⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
        8⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30947.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14138.exe
        7⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        7⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        6⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11542.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        7⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
        7⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        6⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        6⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23046.exe
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23715.exe
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        5⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        5⤵
        
        PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50966.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        8⤵
        
        PID:17608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        8⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        7⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
        7⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        7⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        7⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
        7⤵
        
        PID:18368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
        7⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        6⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8072.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
        7⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        7⤵
        
        PID:17756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        7⤵
        
        PID:18360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        6⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        5⤵
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        5⤵
        
        PID:18332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        5⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
        5⤵
        
        PID:11368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        6⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        6⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33341.exe
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        5⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        5⤵
        
        PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
      4⤵
      PID:3996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 720
        5⤵
        Program crash
        
        PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
      4⤵
      PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        5⤵
        
        PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
      4⤵
      PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
      4⤵
      PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
      4⤵
      PID:18020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        8⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        9⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        9⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        9⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34355.exe
        9⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        8⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39499.exe
        8⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        8⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16444.exe
        8⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        7⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        7⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        6⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65351.exe
        7⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        8⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        7⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        7⤵
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22163.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27550.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        7⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        6⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        8⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        9⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        7⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48057.exe
        7⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-260.exe
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        7⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        7⤵
        
        PID:13504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        6⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        7⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26187.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29260.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        6⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
        5⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        5⤵
        
        PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        8⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        8⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
        7⤵
        
        PID:18076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7343.exe
        7⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        7⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        6⤵
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        6⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56044.exe
        7⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65216.exe
        7⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        6⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
        6⤵
        
        PID:18512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        5⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39205.exe
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        5⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        5⤵
        
        PID:18424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51374.exe
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        7⤵
        
        PID:17072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        6⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        6⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        6⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
        6⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        6⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        5⤵
        
        PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42429.exe
      4⤵
      PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        6⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        5⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        5⤵
        
        PID:17784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
        5⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        5⤵
        
        PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
      4⤵
      PID:9560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
      4⤵
      PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 720
        5⤵
        Program crash
        
        PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7141.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        7⤵
        
        PID:16084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16084 -s 436
        8⤵
        Program crash
        
        PID:18032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        7⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        6⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
        7⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        6⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
        6⤵
        
        PID:18056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
        6⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-652.exe
        6⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        6⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
        5⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        5⤵
        
        PID:10768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
      4⤵
      PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        6⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8039.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        5⤵
        
        PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
      4⤵
      PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        5⤵
        
        PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
      4⤵
      PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
      4⤵
      PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
      4⤵
      PID:18316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49734.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
      4⤵
      PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59541.exe
        7⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
        7⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
        7⤵
        
        PID:18456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        6⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
        6⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
        6⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        5⤵
        
        PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        5⤵
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        5⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        5⤵
        
        PID:17920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
      4⤵
      PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
      4⤵
      PID:12220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38685.exe
      4⤵
      PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
      4⤵
      PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37759.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        6⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        5⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        5⤵
        
        PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
      4⤵
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
      4⤵
      PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
      4⤵
      PID:18336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
    3⤵
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
      4⤵
      PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
      4⤵
      PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
    3⤵
    PID:8788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
    3⤵
    PID:12688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
    3⤵
    PID:17300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
    3⤵
    PID:11180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        9⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        9⤵
        
        PID:17152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        9⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        8⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
        8⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        8⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        8⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        8⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        8⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43412.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        7⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        6⤵
        Executes dropped EXE
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        9⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        9⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        9⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        8⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        8⤵
        
        PID:17708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        8⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
        8⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        7⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        7⤵
        
        PID:18400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        7⤵
        
        PID:18048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
        8⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47152.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        7⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3659.exe
        7⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        7⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        6⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46598.exe
        6⤵
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60118.exe
        8⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
        8⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        8⤵
        
        PID:17588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41846.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3643.exe
        7⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        7⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
        7⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        6⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        6⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        8⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        8⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
        8⤵
        
        PID:18560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        7⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
        7⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        7⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        6⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36045.exe
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        6⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
        7⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        7⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
        6⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
        5⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        5⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        5⤵
        
        PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        9⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        9⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:18084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        8⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        8⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        8⤵
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        8⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        8⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        8⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        7⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        7⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        7⤵
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
        6⤵
        
        PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        7⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25500.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        6⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        5⤵
        
        PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
        7⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        8⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1174.exe
        8⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        8⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        7⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
        6⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        7⤵
        
        PID:18012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        6⤵
        
        PID:17756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        6⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22635.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        7⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
        7⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        7⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        6⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
        5⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        6⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
        5⤵
        
        PID:16684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        7⤵
        
        PID:17524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe
        6⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
        5⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
        5⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        5⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        5⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        5⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        5⤵
        
        PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
      4⤵
      PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
      4⤵
      PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
      4⤵
      PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
      4⤵
      PID:17504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        8⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
        8⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        8⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        7⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        7⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        7⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        6⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
        6⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50125.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
        7⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        7⤵
        
        PID:17640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        6⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        5⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        8⤵
        
        PID:17800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        7⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        7⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
        7⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
        6⤵
        
        PID:14744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        6⤵
        
        PID:18064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        6⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        6⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        6⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        5⤵
        
        PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
      4⤵
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50125.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        6⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54981.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63870.exe
        5⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        5⤵
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        5⤵
        
        PID:18548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        5⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23883.exe
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
      4⤵
      PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        5⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14858.exe
        5⤵
        
        PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
      4⤵
      PID:14712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        7⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 636
        7⤵
        Program crash
        
        PID:11528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 640
        6⤵
        Program crash
        
        PID:7980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 736
        5⤵
        Program crash
        
        PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
      4⤵
      PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        6⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        6⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        5⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        5⤵
        
        PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        5⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        5⤵
        
        PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
      4⤵
      PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
      4⤵
      PID:7996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
      4⤵
      PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
        5⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        7⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        6⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        5⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        5⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        5⤵
        
        PID:17720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47814.exe
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        5⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
      4⤵
      PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
      4⤵
      PID:12704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
      4⤵
      PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
      4⤵
      PID:6164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
    3⤵
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60950.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
        5⤵
        
        PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
      4⤵
      PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
        5⤵
        
        PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
      4⤵
      PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
      4⤵
      PID:16244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
      4⤵
      PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
      4⤵
      PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
      4⤵
      PID:9000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
    3⤵
    PID:8740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
    3⤵
    PID:12652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
    3⤵
    PID:17184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
    3⤵
    PID:18468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        8⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        8⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        7⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        7⤵
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
        6⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        7⤵
        
        PID:15928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        7⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
        6⤵
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        6⤵
        
        PID:180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        7⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        7⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        7⤵
        
        PID:18540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
        6⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        6⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        6⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56960.exe
        6⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        5⤵
        
        PID:14464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        5⤵
        
        PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
        6⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        5⤵
        
        PID:18092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
        5⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        5⤵
        
        PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        5⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        5⤵
        
        PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
      4⤵
      PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
      4⤵
      PID:16632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44806.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
        7⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57518.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20300.exe
        6⤵
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        5⤵
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        5⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        5⤵
        
        PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        5⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        5⤵
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
      4⤵
      PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
      4⤵
      PID:5988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        6⤵
        
        PID:17648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        5⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        5⤵
        
        PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
      4⤵
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        5⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        5⤵
        
        PID:17684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
      4⤵
      PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
      4⤵
      PID:14940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
      4⤵
      PID:18152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42429.exe
    3⤵
    PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20300.exe
        5⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        5⤵
        
        PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
      4⤵
      PID:13584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
    3⤵
    PID:7768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
    3⤵
    PID:10960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
    3⤵
    PID:14680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36470.exe
    3⤵
    PID:17796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
    3⤵
    PID:17600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
    3⤵
    PID:10548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29055.exe
        7⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
        7⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
        7⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31804.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        6⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        6⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        6⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        5⤵
        
        PID:15976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        5⤵
        
        PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
      4⤵
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        5⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
        5⤵
        
        PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
      4⤵
      PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
      4⤵
      PID:13120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
      4⤵
      PID:16640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
        5⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        6⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
        6⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        5⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        5⤵
        
        PID:11232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        5⤵
        
        PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
      4⤵
      PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
      4⤵
      PID:9204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
    3⤵
    PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
      4⤵
      PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
        5⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
        5⤵
        
        PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
      4⤵
      PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
      4⤵
      PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
      4⤵
      PID:5196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
    3⤵
    PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
      4⤵
      PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
      4⤵
      PID:13528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
    3⤵
    PID:11660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
    3⤵
    PID:15636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
    3⤵
    PID:3120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5766.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        6⤵
        
        PID:12856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
        5⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
        6⤵
        
        PID:18196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        6⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        5⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
        5⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        5⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        5⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
      4⤵
      PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
      4⤵
      PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
      4⤵
      PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
      4⤵
      PID:17904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
      4⤵
      PID:10832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
    3⤵
    PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
      4⤵
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
        5⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
      4⤵
      PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
      4⤵
      PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-410.exe
      4⤵
      PID:6364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
    3⤵
    PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
      4⤵
      PID:16488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
    3⤵
    PID:10992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
    3⤵
    PID:14732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
    3⤵
    PID:8748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52397.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52397.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
    3⤵
    PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
        5⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
      4⤵
      PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
      4⤵
      PID:14948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
      4⤵
      PID:6780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
    3⤵
    PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
      4⤵
      PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
      4⤵
      PID:16316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
    3⤵
    PID:14920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
    3⤵
    PID:868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
  2⤵
  PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
    3⤵
    PID:7380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8363.exe
    3⤵
    PID:13076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
    3⤵
    PID:17064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
    3⤵
    PID:17508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
  2⤵
  PID:8272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
  2⤵
  PID:11676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
  2⤵
  PID:15856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
  2⤵
  PID:17692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4948 -ip 4948
1⤵
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3016 -ip 3016
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3996 -ip 3996
1⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4316 -ip 4316
1⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5500 -ip 5500
1⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5564 -ip 5564
1⤵
PID:11484

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe

Filesize
468KB

MD5
eedd937155c475b69439fa5a7a7538be

SHA1
318c593c5c9a1af22ab2c87e02ad2d0fb843078b

SHA256
9cdb1ad9e57c51e1a6bace136b94930a3ded198b2247beec053ae5ec7ded57ad

SHA512
6597ed5bacb39ade1c102da3fd7e162a5aee1cfce756d4ed1a3c95d10bf9daca87b15cc2f9d45770ff89ccbd50e17abe38553306f50c43dcf2030ce4934b6b2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe

Filesize
468KB

MD5
6061ebaebbeade7a6bdf929ac73017ec

SHA1
3b24cd546a264d64cce1a3c72fdfee41b5e612f1

SHA256
d467d1c7ac787a1fd50f1c658f40affcd68c9ee6ed7470f75de41667c8d7a8f0

SHA512
f45363e32565cd91d4bee761fc1511c415bf480f9378fdf79ca04a3450a08751d98beb8e7e3d5f41c72535b0d7ddcde51e2fb55781b3e1abd562396a6aae0f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe

Filesize
468KB

MD5
866380e8fc346f1e13af932e695b4081

SHA1
5448f84f4ed39c503d18ef181eeb962d70dffce2

SHA256
380d15062ec3b630a24f6de8c51ef607d790d35e556de438b0476d73878fa0b4

SHA512
658f563404c9e8631144c5a500b1ded729d9ab45020d8b7caba69ce2e861dcc578f5c677ea4d849bad983c4a8460a5f8a0e1f807e37e75df65c94bff32cfdd76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe

Filesize
468KB

MD5
e88c99c64d7fa8930fc952da396e043d

SHA1
e373697fe2d569e49fcf04006d11066887a64bdc

SHA256
877fa7b4a36488f78f576196b5e885386a2d89c47f530ec646451148f6d3ab2b

SHA512
b633fedd1586741f5a8c56b44860991e0403fdcdfb08fc49684a09868082b0a16e007d21a3c69d44b3cd423cb1ebfcec9cac569a8a353aa510e577450614f14d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe

Filesize
468KB

MD5
60d75d2102c6a5e68e2d5be52436765d

SHA1
7a1c733c6c9d2b13a60b1017d795a7ba6d714201

SHA256
64c98463b25e3b882ce1bcdaa97b4320a7404c5557f4d382ca6487048a0deb61

SHA512
580c8af9ad7b8c02ea07002ffe2d3ba7d094ffd30f64b0335f450a3c7b9c629cc6c2cb076c16b6cb4ed3cdb2954545587a2780ada38ec7c1aab738f8b4205fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe

Filesize
468KB

MD5
a5026d9173f030d4b54d244784544628

SHA1
3af50a46153254111b7af04d3fd8591a6242585c

SHA256
e93cf3dc2d679cd5fa0f4cf010d56f1a1a264282817771162848f65048389e39

SHA512
a98183e8f1f779cb59932de84c37370f116714d9eb542608ec0d3da20c86254692fcf4f54cd19cd61391d413ddacf751664b1878276cfbe849ca3368a06d645f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe

Filesize
468KB

MD5
119f1b1501f62fefe51f9ce7ff93a1c2

SHA1
b3f12070745199ee2a9b4414945931a181597687

SHA256
d359ff74f73d5ef17f5c1136e1c61fd3cb8bf61e2e58714386728734d5f85aaf

SHA512
7fae7fc975461d6e4e3a8c72e49fdfe41850bba59516527259bea18ea2f24740c96d24f0ec6047c9541a93803f8e9f1008a868292f4053de9df234974476c0fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe

Filesize
468KB

MD5
9820e2e1a09e2ea42b4d712ba845e74f

SHA1
a5393d816534a91a1ae879fd4e9cc063face50d3

SHA256
9e27eea70cde2d1b17db48fcbd2699d28e8c1cbaeb55b8cae298530008a15910

SHA512
f7fd4e4565117067a6b7ab8198af77cfecf20963301ff7a848d95289b99b4a518e42909d472067208b72c07a78a86aa05ffe296e38c406a6a2b4f5ee679e030c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe

Filesize
468KB

MD5
cf77f9245d726b5e199523211b9d3586

SHA1
64682b6d9ccf5a31b7766c95871790976f2bafb9

SHA256
91e199639a90b031526e0a8ff26cef6911e1a317fcd3b63381076d0ae0b0e843

SHA512
181d403df924a349f0c595b71f35f03becf76c461227218512acf43f1c3482023ead0aab87230773b30c710d997c2c9497c245a382c04beaa1fe1b2de2768f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe

Filesize
468KB

MD5
69ef10b310da8f00ad5a66fb743ba1b2

SHA1
42b61add294eebe22032eff1db9fc12ff06005d8

SHA256
454b001943234b0e8f87c7262610466d8b42dd7da30784b69f12fed11b22bcf8

SHA512
6b0f11570c7c6364749504a01c3eae72485bf3da0aa8763b24d2f64797ff0a7e3c6f27eb7b5a9cf33a7a55e0452a93b82bf47e7bfabbcaf51d5852a7a7a7b549

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33468.exe

Filesize
468KB

MD5
5d7571448f04535ce2ad4a657719af1c

SHA1
6d0fe7bb9704cb5149c9c96be20cc703dea22db0

SHA256
a6639fb4d0f6f5815d5ca34eb458c3db53a79b23d6b23e85beff5ca80eff6882

SHA512
69faaaa6e0a357da908e06dac91b12bc2b057fd673e2c3e23f8cb42c5ae82e78e3abb8deda2cfed46e27944a855c373026a53f03280013750db0cb5f64529191

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe

Filesize
468KB

MD5
0c22f519f8d8f753031a33ad8fa9f0a9

SHA1
809cd0822f11b3222ccb94225b6238bdc6f3e8c3

SHA256
132aa80c202bc038baff64bbea406abb236d57770398f3fe98f62db3685292ff

SHA512
a938d6984e42fc8ca74c76a420309ed68c0a79d6a6e800ef9f2c1c7f80dbc53b314966619baf6bf67f0a9841ba571cd21f905d379c61fb0a72f4478475a6c7be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe

Filesize
468KB

MD5
61838f72b31b0ce75bf65e51f632d7e9

SHA1
9affc9edf5248444db6fd529b6a579b9ba73e18f

SHA256
681642a4ef65bd0976e2f301400cf187f6d4f9228e2638b51911975db4648989

SHA512
358edf44dd1cc0d142f50a88e0a67007b06eef4db2f86173f1a6652665a91869006b20cd80e20a046a6130e2355677df68fb6da4091f0a92ada3926de8994abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe

Filesize
468KB

MD5
b954e5e7d03d23b173ea7eb1f8660ba2

SHA1
a68a700eb3a35a5c4e86099259b8da83dec2e889

SHA256
399e2666be82e27fe2efbe70ea0585ab2e8114c1643b8d2612c50d08a351b8cd

SHA512
b30ba3edb1be80a96a5794eba1cb5cceedd44fab92d60f0dbf0e358d862eb4116dd77ef738bd5f0e3c51853a2089bc4cc4a51aa1c6270bff8cc0ea3778f2f167

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe

Filesize
468KB

MD5
ef6d157eb347e1356864a6ac6a8f2954

SHA1
b875c6efde64ea35b5409cf37879aba13eb63700

SHA256
deb48e2dfa18bfa1a9f5969c735a70e9568915269eea3a950839bd921240084a

SHA512
179c34aec9bc8eafe53ef43236114d4d1d4eda44bdf662f6d9a99ec9174f4bfefc7a1a5c380e90cc62580901ded2b2ab70dd2d28f98e1d12d537a1a66c0efd53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe

Filesize
468KB

MD5
d9699c13cc388df3a0f40c87551faebc

SHA1
37e784c9cf2d1b4718e04dda604cacfe6f4c2446

SHA256
67d81369219ae13703c9ad2ba0cdd54cb3807c4d93398516634b9ec7d845de3f

SHA512
f7c8352ac8d707e629bafdfe4096c750b4a215b0a3cb1e06015c204d5121b440f9fb310eabaf9ca498e0f48f19f4d0cd0609321a722cfce1a26b4bc82c8c9878

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe

Filesize
468KB

MD5
60a3cb26a554bfff621d8c62fdafbc2d

SHA1
787136a9e468b7d9300aee2e8886babff285da19

SHA256
78f2bf3cbd6211d66a0514a6deda545dd1ca44223761c16ebdb72dce934a8f2c

SHA512
990fdeee5a50d9fdb46fa32533fd2fb0c5a21612b69c9ebf208effeebf8af2291602f994d58cd3d9e059ebd3dafe5936094cd045339e1b940b56148f33b6231a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe

Filesize
468KB

MD5
787e9f9ef0ba8e0e681fd772e089199e

SHA1
f079da4d7d8111f2919148dc4127c35ad3830afc

SHA256
2a304d18cfe51b05e632f0cb210e0cafb621c8ecb05fb3e6bd08cb1c33dade76

SHA512
ac47abe2e4d852a7bcc5add3c24fff8aeaf76a3c2222a058f9a3275abbc0d6881ebd97bb1d35300e470d0bbd79bc7610590a69dd43c2540c5aaf1327a6b91470

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe

Filesize
468KB

MD5
82c911e75ae41d53d227bbcc4ae087b5

SHA1
1432a851bd7baf3edc78a553e16226f4ff0aae64

SHA256
6ba98ab8ca9413e8a5e314812e44d6607020b97431681a5c11dfefaa3fdcc788

SHA512
197311465e2ca99196c7fd45051efdd623780b3cf3ce20478f3b5a9357719bc0c6514decfe5626c4ffe000ea86d67bf23bce0c6f243e83fb1c90becead08af08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe

Filesize
468KB

MD5
6e365c51835cf614797bc9154aa9998b

SHA1
f160b23329b48c2354cd4ba72a3deea21752e41b

SHA256
624345bd3a16721713238ccc8034275523ae3126c228ba127b714515a4b8add7

SHA512
bb9086fe8bfbc8a753868e0395b24f0e6ecb3218bec0415a6d3a7c5722fc533610b9ece17e247c6a62bd927d116af9ddbb421c3771ffbc898fb865c8bfb0f2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe

Filesize
468KB

MD5
2197e8d02396379eca7d121105118d4b

SHA1
4fe3e8ddbf4814641dadc729ef969d452c86a667

SHA256
4365d3017f2715a6d18d425dc76f999270f7f388678803635f2874bfbee554e6

SHA512
d9d0d787c34de18828b078e45ac083e1a197c827edfa734919883f9714604b95239c4365fc1ef79c1006b1c10d70dfbc2efd85bdbfb514bc63bcaca01fe1ee06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe

Filesize
468KB

MD5
d3ecf4dda888da166884905686e4781e

SHA1
e8294ac6c99a3330d2ae7e3e32aac886d51ab59a

SHA256
8be44143e8f62acb04510c069baa8c18c580c1fe8ef20623d6234c1aac737a8e

SHA512
af7b5b159f8e8fca091514ba71eba49e17ecb70bedd1aa7aab2f1d443eb34a09d93915490da9e48940c971fac7bf07ee3106d1fa0a7ac85d507cf762023f8b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe

Filesize
468KB

MD5
4d04792f261ee1d82edd41ccab792242

SHA1
d1d70fd85d940e35d873920b283193b9dc1e4ee8

SHA256
896ce56a6232fd74a19cebb30f2cf970edae6ae7ccd2c837c3a0d33f3e8cf89b

SHA512
48555b8cb4525c1a714b39560df80a53725ea72de00ee02d81321fc3c9c6eae4989aadeab20344ea2618a52e65d6b048f3b2a02bbe856fe8d4674da64ddd59d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe

Filesize
468KB

MD5
0745dcf778ef16fd1ee429d1dbf241c5

SHA1
fde959e24c84a9eef0452ad8732f20ac3d3e7363

SHA256
b582d70387a159ab809088c61f714ac40e5a09a5a6212530223741b966210abb

SHA512
a0f2b6af6f15d785eb62cb241fec36f4454ff562fa0291657445dd7d05f282a1785464ad37e161593c5e2742726db1f50e6ad1e833248b6c46c0994dc8b1217f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53806.exe

Filesize
468KB

MD5
2056f9579e7afc5ea140aeefe99b6fb6

SHA1
921fa10107040c0e820c8c009a834517b80c9436

SHA256
c239efc7c76403be2750c05a2ebd0f50e168f68edca77a8300413b8e5982d0a7

SHA512
8554311445fe5cf6c0daf7a9d81660b2b59debae27d9a3646ac07ec95aecb47627525bfa79e164663e39a6c22cb8cbd75215053fbaae762204611fd3455f116d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe

Filesize
468KB

MD5
5d3cad24792efe4d4707eaa223462547

SHA1
8d3fa00e0f7429a1caf608d1d35f737492c18ff1

SHA256
d679d48add067c4d6cd7ad38b8b465ed89099c682b367ed49a3009c273869587

SHA512
c8657842b0411c01ddf7a434059ad34bdb7efdc0bf2d95c8f3af38b01c5d957a479fc834bc1fb99c0c30319618a799cce4efe7fdec01c7e834ab2ef1970b6875

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe

Filesize
468KB

MD5
b35b36169f41c7f73845f7f4c4265b1a

SHA1
3d8eadd99ea9386119829553fc90a0a49a2579ed

SHA256
9093db307b6dcb97fc421f5b3d409eff6bfc294dcad9c6dc004d3b569aa98641

SHA512
4860c203fdbf1dce21e3b6dfa92c65c208452f8742bc76801f8566a0f357dae6baf2fd4e890573c04aff971450753b0b3bb7dba10d8762bb0a0c75dae853472f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61022.exe

Filesize
468KB

MD5
1deccd9712a14852522da0e3ace1d173

SHA1
e95ffbd531503dac2b3a661ea64a71add3b67b97

SHA256
db721cfc7dbd529bc2086506cfa9343f84c6c2253660ac4b01bad5712ad66d2f

SHA512
db87ce2dd80d9a907f647e6f21751c4df03adbf815f3e848e6580e350a2b7ce7006451b8b9e628d108fc4ce6595945f575d55b355d1483386a9cd658584105ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe

Filesize
468KB

MD5
c6c5526f7e020946c0be3bf1ad181b46

SHA1
62bd5e2ef5e365dfd89547d1e59e5730871b2ae3

SHA256
2893d0fb475a98eb2170cd5cc8c89b2b832601637206ad0600921489829dee21

SHA512
4b534ef2825ce430748de541155e60f8109daa0f9606bd710427db7e4cb5cc63e60729ad078d92cecc2f42634e945392301bffbcf1447ca4c1e0c002916c4322

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe

Filesize
468KB

MD5
b0da00b2fc34f30c6418e0abefceee55

SHA1
9d0310cf4753721d4e5ac178084855e543914256

SHA256
0298416c8bb8ca7e0b6d214a9a59eb89e0cc85becf765b22687ae39ba266b0e2

SHA512
532911fe6e1ed9dd2e6470f00d655564601b05a7a09eae2c664b097281257e3d5c071c5877c151c0881fe6678311ed44c826d6ff89f232af3fe15fff7f2f82dc

Download Submit
memory/976-2807-0x00000000758F0000-0x00000000759AF000-memory.dmp

Filesize
764KB

Download
memory/2820-2787-0x0000000075B50000-0x0000000075BCA000-memory.dmp

Filesize
488KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads