b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe
Size

468KB
MD5

7317300331577de4e8b9e02479a10eea
SHA1

2fa8f2a20259f7961e8399d9560b259d5d7e21e2
SHA256

b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3
SHA512

f7aab7d316b8d6b9bee6ff803a700f79536af59e0738f61bd39868703892d820237b7539a2ef92636cf36f9a1cb63b9b321539be5587192116f52317653288d0
SSDEEP

3072:xfx8zgsMj6V8U2bYEPz3Crfc/YjCiK7IpCNYHvuVPCkFh31kANbRlu:xfqza6eU2DPDCrf40x/kFZyANb

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4068	Unicorn-56707.exe
1424	Unicorn-52963.exe
2228	Unicorn-49434.exe
232	Unicorn-22995.exe
1168	Unicorn-3351.exe
4136	Unicorn-55153.exe
4664	Unicorn-39139.exe
3460	Unicorn-8786.exe
2716	Unicorn-63882.exe
3696	Unicorn-28003.exe
2476	Unicorn-27235.exe
3720	Unicorn-26970.exe
4808	Unicorn-21104.exe
2756	Unicorn-7369.exe
3112	Unicorn-7369.exe
2308	Unicorn-31475.exe
2068	Unicorn-44090.exe
4312	Unicorn-53130.exe
2100	Unicorn-33587.exe
2160	Unicorn-49731.exe
2980	Unicorn-16099.exe
4520	Unicorn-16099.exe
732	Unicorn-16099.exe
848	Unicorn-9968.exe
1768	Unicorn-9968.exe
4640	Unicorn-7168.exe
4036	Unicorn-61770.exe
3852	Unicorn-15833.exe
4064	Unicorn-30937.exe
4992	Unicorn-63256.exe
1820	Unicorn-63256.exe
2044	Unicorn-3138.exe
4056	Unicorn-3138.exe
4720	Unicorn-35235.exe
3492	Unicorn-36579.exe
2180	Unicorn-16713.exe
4492	Unicorn-63121.exe
456	Unicorn-39401.exe
2464	Unicorn-22681.exe
4440	Unicorn-63626.exe
2740	Unicorn-14233.exe
3020	Unicorn-11218.exe
724	Unicorn-11218.exe
4856	Unicorn-43699.exe
3076	Unicorn-42857.exe
4812	Unicorn-23728.exe
5072	Unicorn-9993.exe
4576	Unicorn-29859.exe
1064	Unicorn-4393.exe
2580	Unicorn-42665.exe
2248	Unicorn-46195.exe
5016	Unicorn-65281.exe
1908	Unicorn-56616.exe
3016	Unicorn-62723.exe
4580	Unicorn-9609.exe
3500	Unicorn-62074.exe
2920	Unicorn-40641.exe
2968	Unicorn-46771.exe
2208	Unicorn-5842.exe
1216	Unicorn-38323.exe
1412	Unicorn-54202.exe
840	Unicorn-54467.exe
4980	Unicorn-50746.exe
4304	Unicorn-5074.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
6928	220	WerFault.exe	178
6288	4716	WerFault.exe	230
5428	6040	WerFault.exe	226
7372	5688	WerFault.exe	202
3100	5680	WerFault.exe	201
8788	5912	WerFault.exe	208

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42218.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
16632	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5848	dwm.exe
Token: SeChangeNotifyPrivilege	5848	dwm.exe
Token: 33	5848	dwm.exe
Token: SeIncBasePriorityPrivilege	5848	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe
4068	Unicorn-56707.exe
1424	Unicorn-52963.exe
2228	Unicorn-49434.exe
4136	Unicorn-55153.exe
1168	Unicorn-3351.exe
232	Unicorn-22995.exe
4664	Unicorn-39139.exe
2716	Unicorn-63882.exe
3460	Unicorn-8786.exe
3696	Unicorn-28003.exe
2476	Unicorn-27235.exe
4808	Unicorn-21104.exe
3720	Unicorn-26970.exe
3112	Unicorn-7369.exe
2756	Unicorn-7369.exe
2308	Unicorn-31475.exe
2068	Unicorn-44090.exe
2100	Unicorn-33587.exe
4312	Unicorn-53130.exe
3852	Unicorn-15833.exe
4036	Unicorn-61770.exe
4640	Unicorn-7168.exe
732	Unicorn-16099.exe
1768	Unicorn-9968.exe
4520	Unicorn-16099.exe
2160	Unicorn-49731.exe
848	Unicorn-9968.exe
2980	Unicorn-16099.exe
4064	Unicorn-30937.exe
4992	Unicorn-63256.exe
1820	Unicorn-63256.exe
4056	Unicorn-3138.exe
2044	Unicorn-3138.exe
4720	Unicorn-35235.exe
4492	Unicorn-63121.exe
2180	Unicorn-16713.exe
3492	Unicorn-36579.exe
456	Unicorn-39401.exe
2464	Unicorn-22681.exe
4440	Unicorn-63626.exe
2740	Unicorn-14233.exe
3020	Unicorn-11218.exe
724	Unicorn-11218.exe
4856	Unicorn-43699.exe
3076	Unicorn-42857.exe
4812	Unicorn-23728.exe
5072	Unicorn-9993.exe
2580	Unicorn-42665.exe
4576	Unicorn-29859.exe
5016	Unicorn-65281.exe
2248	Unicorn-46195.exe
3500	Unicorn-62074.exe
3016	Unicorn-62723.exe
1064	Unicorn-4393.exe
4580	Unicorn-9609.exe
1908	Unicorn-56616.exe
2968	Unicorn-46771.exe
2920	Unicorn-40641.exe
2208	Unicorn-5842.exe
3608	Unicorn-53818.exe
1412	Unicorn-54202.exe
1216	Unicorn-38323.exe
4304	Unicorn-5074.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 4068	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	90
PID 4432 wrote to memory of 4068	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	90
PID 4432 wrote to memory of 4068	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	90
PID 4068 wrote to memory of 1424	4068	Unicorn-56707.exe	95
PID 4068 wrote to memory of 1424	4068	Unicorn-56707.exe	95
PID 4068 wrote to memory of 1424	4068	Unicorn-56707.exe	95
PID 4432 wrote to memory of 2228	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	96
PID 4432 wrote to memory of 2228	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	96
PID 4432 wrote to memory of 2228	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	96
PID 1424 wrote to memory of 232	1424	Unicorn-52963.exe	99
PID 1424 wrote to memory of 232	1424	Unicorn-52963.exe	99
PID 1424 wrote to memory of 232	1424	Unicorn-52963.exe	99
PID 2228 wrote to memory of 4664	2228	Unicorn-49434.exe	100
PID 2228 wrote to memory of 4664	2228	Unicorn-49434.exe	100
PID 2228 wrote to memory of 4664	2228	Unicorn-49434.exe	100
PID 4432 wrote to memory of 1168	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	101
PID 4432 wrote to memory of 1168	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	101
PID 4432 wrote to memory of 1168	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	101
PID 4068 wrote to memory of 4136	4068	Unicorn-56707.exe	102
PID 4068 wrote to memory of 4136	4068	Unicorn-56707.exe	102
PID 4068 wrote to memory of 4136	4068	Unicorn-56707.exe	102
PID 4664 wrote to memory of 3460	4664	Unicorn-39139.exe	107
PID 4664 wrote to memory of 3460	4664	Unicorn-39139.exe	107
PID 4664 wrote to memory of 3460	4664	Unicorn-39139.exe	107
PID 1168 wrote to memory of 2716	1168	Unicorn-3351.exe	108
PID 1168 wrote to memory of 2716	1168	Unicorn-3351.exe	108
PID 1168 wrote to memory of 2716	1168	Unicorn-3351.exe	108
PID 4136 wrote to memory of 3696	4136	Unicorn-55153.exe	109
PID 4136 wrote to memory of 3696	4136	Unicorn-55153.exe	109
PID 4136 wrote to memory of 3696	4136	Unicorn-55153.exe	109
PID 232 wrote to memory of 2476	232	Unicorn-22995.exe	110
PID 232 wrote to memory of 2476	232	Unicorn-22995.exe	110
PID 232 wrote to memory of 2476	232	Unicorn-22995.exe	110
PID 1424 wrote to memory of 3112	1424	Unicorn-52963.exe	111
PID 1424 wrote to memory of 3112	1424	Unicorn-52963.exe	111
PID 1424 wrote to memory of 3112	1424	Unicorn-52963.exe	111
PID 4432 wrote to memory of 3720	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	112
PID 4432 wrote to memory of 3720	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	112
PID 4432 wrote to memory of 3720	4432	b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe	112
PID 2228 wrote to memory of 2756	2228	Unicorn-49434.exe	114
PID 2228 wrote to memory of 2756	2228	Unicorn-49434.exe	114
PID 2228 wrote to memory of 2756	2228	Unicorn-49434.exe	114
PID 4068 wrote to memory of 4808	4068	Unicorn-56707.exe	113
PID 4068 wrote to memory of 4808	4068	Unicorn-56707.exe	113
PID 4068 wrote to memory of 4808	4068	Unicorn-56707.exe	113
PID 3460 wrote to memory of 2308	3460	Unicorn-8786.exe	115
PID 3460 wrote to memory of 2308	3460	Unicorn-8786.exe	115
PID 3460 wrote to memory of 2308	3460	Unicorn-8786.exe	115
PID 4664 wrote to memory of 2068	4664	Unicorn-39139.exe	116
PID 4664 wrote to memory of 2068	4664	Unicorn-39139.exe	116
PID 4664 wrote to memory of 2068	4664	Unicorn-39139.exe	116
PID 2716 wrote to memory of 4312	2716	Unicorn-63882.exe	117
PID 2716 wrote to memory of 4312	2716	Unicorn-63882.exe	117
PID 2716 wrote to memory of 4312	2716	Unicorn-63882.exe	117
PID 3696 wrote to memory of 2100	3696	Unicorn-28003.exe	118
PID 3696 wrote to memory of 2100	3696	Unicorn-28003.exe	118
PID 3696 wrote to memory of 2100	3696	Unicorn-28003.exe	118
PID 2756 wrote to memory of 2160	2756	Unicorn-7369.exe	119
PID 2756 wrote to memory of 2160	2756	Unicorn-7369.exe	119
PID 2756 wrote to memory of 2160	2756	Unicorn-7369.exe	119
PID 2476 wrote to memory of 2980	2476	Unicorn-27235.exe	120
PID 2476 wrote to memory of 2980	2476	Unicorn-27235.exe	120
PID 2476 wrote to memory of 2980	2476	Unicorn-27235.exe	120
PID 3720 wrote to memory of 4520	3720	Unicorn-26970.exe	121

C:\Users\Admin\AppData\Local\Temp\b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe
"C:\Users\Admin\AppData\Local\Temp\b53f0cf37e5672bf86292523be6e7033330e91f02c371e4836870ede2cf550b3.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
        8⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
        10⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5776.exe
        10⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        9⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        9⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
        9⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        8⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
        9⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        9⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        8⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        8⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        8⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        8⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        8⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        7⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3628.exe
        7⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        9⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        9⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        9⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        9⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        8⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
        8⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
        8⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51569.exe
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        7⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        7⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
        8⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7280.exe
        7⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        7⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
        7⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38704.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        7⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        7⤵
        
        PID:12676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
        6⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49305.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27818.exe
        6⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
        6⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61770.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24115.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        9⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        9⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59096.exe
        9⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        9⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        8⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
        8⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
        8⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        8⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        8⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        8⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        7⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        7⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44053.exe
        8⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57457.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        7⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        6⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53558.exe
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47764.exe
        8⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
        7⤵
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
        7⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
        7⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49144.exe
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        6⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
        7⤵
        
        PID:17104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        7⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        6⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59473.exe
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        5⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe
        5⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27187.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        8⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        9⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        9⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        9⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        8⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        8⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        8⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        8⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        7⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21609.exe
        7⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65178.exe
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        8⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        8⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        8⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        8⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
        7⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        6⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        6⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 616
        7⤵
        Program crash
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        6⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        6⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        7⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        7⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        6⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
        6⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        5⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        8⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        8⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        7⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        7⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        7⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        7⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        6⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        6⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        5⤵
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        5⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
        8⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
        7⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
        6⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        6⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54673.exe
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        6⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        6⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        5⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
        5⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        5⤵
        
        PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        5⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        5⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        5⤵
        
        PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
      4⤵
      PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
      4⤵
      PID:11272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
      4⤵
      PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
      4⤵
      PID:16016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        9⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        9⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
        9⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        9⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
        8⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
        8⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19964.exe
        8⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        8⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        8⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3465.exe
        8⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64700.exe
        7⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 488
        8⤵
        Program crash
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        7⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52593.exe
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        7⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
        7⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        6⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39401.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        8⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        7⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        7⤵
        
        PID:17316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        6⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        7⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36944.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10713.exe
        6⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
        6⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51217.exe
        5⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        7⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        7⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
        6⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
        5⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        5⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        5⤵
        
        PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        8⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
        8⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19964.exe
        8⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20784.exe
        7⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        7⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        7⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21616.exe
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        6⤵
        
        PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        5⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        5⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        5⤵
        
        PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        6⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        7⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34105.exe
        7⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
        6⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49585.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        6⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27868.exe
        6⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        5⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        5⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37945.exe
        5⤵
        
        PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        5⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        5⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
      4⤵
      PID:8896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
      4⤵
      PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
      4⤵
      PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
      4⤵
      PID:10540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        6⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43667.exe
        8⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        8⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        8⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        7⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        8⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        7⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        7⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        7⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56945.exe
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
        6⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55670.exe
        6⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6592.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        7⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        7⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8631.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39114.exe
        6⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9865.exe
        5⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        5⤵
        
        PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        7⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
        7⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        7⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
        6⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        6⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        6⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        5⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        6⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        5⤵
        
        PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        5⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        5⤵
        
        PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
      4⤵
      PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        5⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
        5⤵
        
        PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
      4⤵
      PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
      4⤵
      PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
      4⤵
      PID:16452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15833.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62723.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        7⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        7⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        7⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        6⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
        6⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
        6⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe
        6⤵
        
        PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20693.exe
        5⤵
        
        PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
      4⤵
      PID:5912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 636
        5⤵
        Program crash
        
        PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56888.exe
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
      4⤵
      PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
      4⤵
      PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
      4⤵
      PID:16044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        6⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        6⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11648.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        5⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        5⤵
        
        PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        5⤵
        
        PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
      4⤵
      PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
      4⤵
      PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
      4⤵
      PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
      4⤵
      PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
    3⤵
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
      4⤵
      PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5040.exe
      4⤵
      PID:11224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
      4⤵
      PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
      4⤵
      PID:7236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
    3⤵
    PID:8100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
    3⤵
    PID:11280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
    3⤵
    PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
    3⤵
    PID:9316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54467.exe
        7⤵
        Executes dropped EXE
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        8⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 640
        9⤵
        Program crash
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        8⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        8⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        8⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        8⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        9⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        9⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        8⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        8⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
        7⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        7⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        6⤵
        Executes dropped EXE
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        8⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        9⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        9⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        9⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
        8⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        8⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57338.exe
        8⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        7⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        7⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33434.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        7⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29514.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
        6⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        6⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        8⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
        8⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54305.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35953.exe
        7⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        7⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        7⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        7⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        6⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        6⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        5⤵
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        8⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        8⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        8⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        7⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        6⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40938.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        7⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        7⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        7⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        6⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12016.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60049.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        7⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        7⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        6⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        6⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        6⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        6⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe
        6⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
        5⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        7⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        7⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53937.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        6⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        5⤵
        
        PID:14296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
        5⤵
        
        PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
      4⤵
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        5⤵
        
        PID:4716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 460
        6⤵
        Program crash
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        5⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        5⤵
        
        PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        5⤵
        
        PID:13692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
        5⤵
        
        PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22192.exe
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
      4⤵
      PID:11348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
      4⤵
      PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
      4⤵
      PID:10808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        8⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
        8⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        8⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
        7⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3664.exe
        7⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        7⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6592.exe
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        7⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        7⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        6⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        5⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        7⤵
        
        PID:15928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        7⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        6⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        6⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        5⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        6⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
        5⤵
        
        PID:13984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        5⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        5⤵
        
        PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        7⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37760.exe
        7⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
        6⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        5⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        5⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        5⤵
        
        PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        5⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        5⤵
        
        PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
      4⤵
      PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
      4⤵
      PID:13044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
      4⤵
      PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
      4⤵
      PID:9712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
      4⤵
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50504.exe
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
        5⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        5⤵
        
        PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        5⤵
        
        PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
      4⤵
      PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
      4⤵
      PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
      4⤵
      PID:15884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
      4⤵
      PID:6160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44586.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        6⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        5⤵
        
        PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
      4⤵
      PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
      4⤵
      PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7472.exe
      4⤵
      PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
      4⤵
      PID:7008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8656.exe
    3⤵
    PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        5⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
      4⤵
      PID:15016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
      4⤵
      PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
      4⤵
      PID:11688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44080.exe
    3⤵
    PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
      4⤵
      PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
      4⤵
      PID:7280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
    3⤵
    PID:10424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
    3⤵
    PID:13844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
    3⤵
    PID:16692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
        6⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        8⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        8⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
        7⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        7⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        6⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        7⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        7⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64682.exe
        7⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        6⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        6⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        5⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        8⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        8⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        7⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        7⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        6⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        7⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62346.exe
        7⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
        7⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        7⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18775.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        6⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        6⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        5⤵
        
        PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        5⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        7⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        7⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
        7⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        6⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        6⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        6⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        6⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        6⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28561.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        5⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        5⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        5⤵
        
        PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        6⤵
        
        PID:11408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        6⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        6⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        5⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39345.exe
      4⤵
      PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
      4⤵
      PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
      4⤵
      PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-273.exe
      4⤵
      PID:8576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        6⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21277.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
        6⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        6⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        5⤵
        
        PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
      4⤵
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        6⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        5⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        5⤵
        
        PID:8664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
      4⤵
      PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        5⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        5⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        5⤵
        
        PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
      4⤵
      PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        5⤵
        
        PID:16356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43837.exe
        5⤵
        
        PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
      4⤵
      PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
      4⤵
      PID:13068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
      4⤵
      PID:15916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
      4⤵
      PID:8696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
    3⤵
    PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
      4⤵
      PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44504.exe
      4⤵
      PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
      4⤵
      PID:8660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
    3⤵
    PID:13540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
    3⤵
    PID:16880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
    3⤵
    PID:1900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
    3⤵
    PID:11152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14233.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
        5⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        7⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54536.exe
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        6⤵
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43667.exe
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
        6⤵
        
        PID:11728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        6⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        6⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
        5⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
        5⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        5⤵
        
        PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62858.exe
      4⤵
      PID:220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 220 -s 724
        5⤵
        Program crash
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        5⤵
        
        PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
      4⤵
      PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
      4⤵
      PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
        5⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        6⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38817.exe
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        5⤵
        
        PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
      4⤵
      PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
      4⤵
      PID:11468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6135.exe
      4⤵
      PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
      4⤵
      PID:8724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43000.exe
      4⤵
      PID:10420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
      4⤵
      PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
      4⤵
      PID:316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
    3⤵
    PID:7304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
    3⤵
    PID:12112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
    3⤵
    PID:16064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
    3⤵
    PID:8384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
      4⤵
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30089.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62077.exe
        6⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
        5⤵
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        5⤵
        
        PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        5⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-544.exe
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
        5⤵
        
        PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
      4⤵
      PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
    3⤵
    PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        5⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        5⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        5⤵
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
      4⤵
      PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        5⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12647.exe
      4⤵
      PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
      4⤵
      PID:9576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
    3⤵
    PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
      4⤵
      PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
      4⤵
      PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
      4⤵
      PID:13796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
      4⤵
      PID:1504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
    3⤵
    PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50355.exe
      4⤵
      PID:10956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
    3⤵
    PID:11416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
    3⤵
    PID:16936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
    3⤵
    PID:17040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43274.exe
    3⤵
    PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        5⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3664.exe
        5⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36300.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
      4⤵
      PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
      4⤵
      PID:7456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
    3⤵
    PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
      4⤵
      PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34988.exe
      4⤵
      PID:17372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
    3⤵
    PID:10760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
    3⤵
    PID:15052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
    3⤵
    PID:17024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
    3⤵
    PID:13952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
  2⤵
  PID:5712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
    3⤵
    PID:7964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
    3⤵
    PID:10560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
    3⤵
    PID:15288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
    3⤵
    PID:7148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24431.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24431.exe
  2⤵
  PID:8168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5457.exe
  2⤵
  PID:10968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
  2⤵
  PID:14988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
  2⤵
  PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 220 -ip 220
1⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4716 -ip 4716
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 6040 -ip 6040
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5688 -ip 5688
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5680 -ip 5680
1⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5912 -ip 5912
1⤵
PID:7616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:16632

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15833.exe

Filesize
468KB

MD5
1450cf9256891377a3f4993e1672c12d

SHA1
0df881124a42ce3a8879c736b29d4ad9c0874ace

SHA256
63f7acc0e5ca2e93518729f45145e816b20e4c24c7d92e61f3c878607f68ae3f

SHA512
a86e2878c5c0393526feb43a7af350080999dd94d51f5c4f84a114df18d22e1e841603421bc778c14485c1cce44d0036ddbbe2ac4ae835f910b64c60ab83e0ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe

Filesize
468KB

MD5
4fb84d6e73c65ee8b64c43e953b585bb

SHA1
ec39978db3c33b8f4f06e2fe89b810def827e39d

SHA256
b270f8b0996c7afd1b173e58f0f4b043547f91b76dc310cf325c8503f86d03bf

SHA512
ee85c4c244afaef8bbeced1d73fc42b69dfd464a6da8590f7683c40da5a7891ba368664aa43383eb644f85fdff2713c0b96f66a7735886fe607cc049b6742521

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe

Filesize
468KB

MD5
9d8079bcfb27268a42acc6407544b3d8

SHA1
62187808f9d28f9696b9ae73f73d02d10ee3804c

SHA256
aac16e02c811e82509f35639281d3d40233f0b2bd3dc8eed42232c2101984b0f

SHA512
b05327036d896639db59d126dbba4c84e4ef33c278ef07b987d75dce9efc0b5ce3021b94c28334be7cfde4d0a8d77ee4ddaba5988e0d40f05c3c91521f00897a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe

Filesize
468KB

MD5
9ea102a8f81c948b0778186e90eccf00

SHA1
0d66c448837ed10395d712d463d96937a1cf528b

SHA256
b8956d5ce17512535dd4644dd02fef5e021ea40231d7f50d10c2bf294ab6f938

SHA512
502ca9f83e5653d34804fc8ce59dbc3c3b4f5bcdc1d98b52de3865ee81498fed8afb446721718f258a94c9bc5f116213be35387e85a15f781faffddecb115297

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe

Filesize
468KB

MD5
2f491af6b69bda5239717e11996d2f34

SHA1
5dc01f140114769e65b5a2e5c9173abe58d0f3e7

SHA256
ba6716a62cca1559713653a325cda654a9fc5d85beba75e45b42c57875df5592

SHA512
df65b1967aba62122a6cdcadf8162cb20c2281e44a50f2a877aec7a602148e80a43128a60d09b437a183731200acc3a4f7cfb33957d72de11c9feb868ff43d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe

Filesize
468KB

MD5
23f993ce6a4c42273fb00d70b73ba597

SHA1
ac012dafe3e276516e322a4813e17abd68d1d95a

SHA256
00966ea21d91c2ca29c428edf9039363af766aaed4a3433c603128d4fe9ebe22

SHA512
8768993ecbea038e1bcfd06bf413813531700032b7462c444a9d300ad78697de0ac827740a4975ee9ba05f5368cc38ecb725af6be12f69ba5e8f33503a60a44c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe

Filesize
468KB

MD5
197f716805d3265e9a958aa8b4b1fa1f

SHA1
708ddaa04627e0c8a9e62a5a480c5267b0decce9

SHA256
48fd9cfc9be1651a0dba66a1d9a528dfcf5939a69ea9cee2a1aa97449e43abfc

SHA512
97b8b7caa15cb16d7e66f55499cb90ffbf48a0adb084738ff99e05d72160f7122331e195758e397ee7306efc02af1a7230edccb2406e3f581e7418b23e25faa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe

Filesize
468KB

MD5
a8a28539d6caece0b4d696d76e4d416f

SHA1
ac88169a1f39b84cffecc69a9b0d011d3712de3b

SHA256
0a86a258d732d98de9b8f20606413db456e2d5f05c763c7d6cc553a136637db5

SHA512
424b63736a51478edf545f3e1e1f64820f051ab37c4c94a5d2d3c9f6647f8a730b8fd7bb195b4e34314c9ebc381d08a84099425c03c1683b36ef913f09f555bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe

Filesize
468KB

MD5
9897da8b3e4d6c33fdc7b7bbffe435e5

SHA1
a0b1eda3a881c3938a6ad0eaa194cfab2b9461b6

SHA256
d167af6a8d11972f34a6076df2d31395fcc763b5dcc3a28e47d10a5c9f71c9f4

SHA512
c0fa69a946d763d61603752b4f99679f78dd64b5a9f8a0c86f5c2e67c9da0779e99b1e47f258f8a82be9509f333cc212bc3ac3b84d1a9029673e228c67210463

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe

Filesize
468KB

MD5
da359327b6f97f1a403bfd421b94fab5

SHA1
e8fd85b727dcbbccea41d0136b2f6a57e373dc31

SHA256
55a3cc472c1171daa4936123e90ff547dcaa1565486b3841d5ef8844e1b2a723

SHA512
7fa639574c5996e6967f51c7ed080abbb7714cf0bcd7f8e7c92e11103f5f6e437bc64be00f75e70e289ace9d0f7ed45ea3aaee4363d6ba5f924988442797b81c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe

Filesize
468KB

MD5
d2e2b436c37b52914c120106d49f5e71

SHA1
1747d1f14d4a763d517c48cb97b1f46dcdfa402e

SHA256
d7d28813e59ed88e2e6192483654752dfdb36c030a286f04d4ba515d7291ef0e

SHA512
1bb57180ef051a34367395577ada6a425f038e6af6e1b5e647058658cb3ac9992ef5b11197e1c5f24efaeae3621f3ac9e6f93d16605f67b93605004703162a3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe

Filesize
468KB

MD5
b411ee131948167692cc0808b3d76d3b

SHA1
57897f0103873ad2718639da244614801592027e

SHA256
da14add50689a08896b191790c3bad3b57be4902c38c39af2d19ad2e5b07e2fa

SHA512
a9c6e374b0ee857c05654b23f174a7bc3a234ffd3686337c786051e1a815b73c1742ac9116e49106a0be59e696d4eee246e42f7009fbf6171e33269269c0f9e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe

Filesize
468KB

MD5
fa984908426127f2ea032b148e927be4

SHA1
779e2cfd9c4fc53370eed42f03c1525431086ffd

SHA256
29d70598e71561998e7a9961037dd32c4cac312b563e0e99716bfcf71d5cf96e

SHA512
8be29c6cc594fc53aed947003f4fb76678df842441dbbe67829b422b33ebeb7c70d6a574b14f72b51bbf5dd305e60b4dc0d95d70075c2a39b68f61dedc7ae639

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe

Filesize
468KB

MD5
006dc013fd863f3fbb9f1339b96ef020

SHA1
282e8a77046e2932d7ed17da63ab6b1cd86a5339

SHA256
a9759f5ee88db87282f5959704766f74d7ca7341aeaff6e2bc1b341f96f28861

SHA512
67aef662f2e54f9f1c3221df658b17faa5dcf824238dee5e5f79e377248f3ffc4ad8e65ef6da97b5e929fda181434bcf96b353dcb17f2cd26baf1092fafc1a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe

Filesize
468KB

MD5
ba13c721135246f2c02d0c5076e316d5

SHA1
029a95bcc4d6c89bf977c40dc06536a66f43ad98

SHA256
36d2ee5a37454260d8877b2432948c9a93d27081e61ae09d54c5ebb74522589b

SHA512
67e5bcd9545dc8a6696cb6f2fa50fca16fedfd408306c8c14583fbe1f24a2279d86ca6a7c885c3da5da97cf92a1afc98b93ac09cf80cf05868992bf7f39463b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe

Filesize
468KB

MD5
9fcf9af62fc48eda5b612fa465b3c19a

SHA1
555a87e2ee8b6e91fe40d03f0f1565ed50cb54cd

SHA256
5071f153cdd3f9f1e2b275ae8687a11faff683f79c9979e55bfed9ac594f58dc

SHA512
bcf1b90896e9f26419419f417fb2c52bdc883e8dddf4e05c9d2e6fb534715e580115b0eac526a954760fa75b5b7ca8d51b7f5358b251c94973307f2514c977f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe

Filesize
468KB

MD5
bd632d2f1d7f82961e3201105a859249

SHA1
70b006ade0fc02442d191c9c54b803a7e39bf199

SHA256
aa5d6a1788fce4308f3e7a4ef77db38a2f67f50d8e223fd5f3ab1920a61e5c79

SHA512
598c880ce0cabe1b87c67f3999c71ad6455023df745f4877bbc48e7ab7844e3e16a7b65dbec1dc242c8cbd2511616f1961e00242fcde63c2ca319877f697570b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe

Filesize
468KB

MD5
a583f5eee9a8ff3f201c8e054a67c1ae

SHA1
db98c9d0d1f9436a76921b754d3b86ffd550089f

SHA256
101904ebb5ce45d87b472daad65c03385e612df65d30b2cffccd95296ba63b1f

SHA512
fda46c0e353d632898e04bfd9d82f6e6226a080787b8451113a7dd1b8adb1cf790d670dc8c76f12ada6886cbe4d6ba72d5f7070b3acdd765b3eaef11279baf5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe

Filesize
468KB

MD5
b47be50f538b817bb31d24430bb7d1f8

SHA1
c4b41f96b2a6eb60ebc777c04298ce75f6242201

SHA256
07eeb2f32851fd7eaca94b5f361c709c600991e26b48ee0a73a09b913e663324

SHA512
416ac11503ca6379132e15b533a99dbfc2529bebcc42df0769e6d977f9b2e387b92919f02790fa30ec7e331a6cef97b8d1c028c620ff8c67333a1045d918ffda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe

Filesize
468KB

MD5
4e031ec26bd733a24b0dbf4e7cbc5ee3

SHA1
8091404389ade7e3736c98ff4db4ddd3ce11e0b0

SHA256
0a3c40cc222f5d789cfa43f967fdd76b86269f48de7de4acb43b2623e2fcab24

SHA512
d2120df2ad5bdfa8dbace5dc708cf831013037f5f944aec5fbcdb1a37a2ea1b2f63817740a18f14db3e0d2070d78983df42d175af578b78aaf5ce42f6c934c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe

Filesize
468KB

MD5
be53d576333f2ba535776cd4b168e091

SHA1
b85e75ecb044cdda23535f78f8b9e3c6f4efcc7b

SHA256
7518fcac6a06eb6662becf241d4447b05754f82beaca005b7fbf1cd54746bdfb

SHA512
9fc0fa96cc4a52871ef384c02468b33335274257041c2cd0d3e05deac68c630fc5177af9d5d2c17b75b9f8e7aab0bd2db84278c7fd3276bb6f8532a6f0a5a4e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe

Filesize
468KB

MD5
67ca70d3309b8d356167166b34406bef

SHA1
78ab9ba828928b2b100764d7c2800c77af36c25a

SHA256
a8fc183aa76dc9558326d7217956ba2ab6d533b7e4b414fb5835178283400b24

SHA512
8335c44bc82c9fa5af7350d02938c90576f37d59266c1383416fd78f3715509cf9df5f3d0c7a96e073510fb56ad1887294ee9216e1b1707b1575b5b7974e8328

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61770.exe

Filesize
468KB

MD5
a787fb3c32403c54d18134f8f413843f

SHA1
b946a980849c8a3c71c49123a770cfc8f439d8ab

SHA256
28f2f981897df463b857e80d48be797d0abf46284c2d1d32bed701ede40d2b6c

SHA512
b7a55479a4910e1326179476a3621dc552b24d25c942c19044bedba382feb38a0d129ddce1e15242c27d839e3e5231c84407c16813970c5a21267830df8ed352

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe

Filesize
468KB

MD5
4e00403dd3ac21b67b606abcc852527d

SHA1
4e70a68966f06b4b530875f9aaf1b393311e94b6

SHA256
d3598d4f19b2cff0cbd8132506cefb2943e9a53f6a5bbc5c920d757114b613a4

SHA512
f0d5802e884b47e102e74310c4ec792ddd6bde7da17dfdee88e8f68472b0d17238b9a748a86d850ced83c6c9c25c3648fd8087c4edf5baae5b4bfb0323e30ceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe

Filesize
468KB

MD5
c6a77acb6b03bd5859d763435b6c4f25

SHA1
2dc3ca3702ebed947d0676a08184c78006cbcf54

SHA256
1e53cb5d251d2e626614789ec6409b6e20ef29299059dfa57d4af7aa5c76ff1b

SHA512
3d508a42ff7f69d508fca3d27fb1feec34301300093ef8ce74cb4f8c06b3a9f975003af07de0808f76c4212a64c54a2ea5df320bce3e4f6328d7d98679807a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe

Filesize
468KB

MD5
d1406b6b9962d3ecf0718302d37cf8c6

SHA1
288fbae9c481d949b688f7e09c5251bcb5ca85ab

SHA256
7f3d1b37a173a17a8713b4aa22184de4dd629ad95c75f076611fad57334281d5

SHA512
5bf3a023b62f318cfa204f7030fcec1cf401f2ea30b03b40d042ab47727542605007815961ef3807c999c7979a8f6718cd90db3c1ae006ec38a89a371a49d9ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe

Filesize
468KB

MD5
998a6d6dea8cd897858f158cc64ebe4a

SHA1
bb4bb71469a166e97222b60880857e2fdbc4b3e3

SHA256
491005a659c26208401c4124b1f82c4bb4f64b15d02a29a7d372d096b9876c6b

SHA512
601d2e578f2cd7fd210cab7876a52ab3e8f6218354916a8581ba0dbe3dc0b356a640ce9c9467cd16326e0084c4bb2f8661e0d5a1f8753d7ace493a7785e0b309

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe

Filesize
468KB

MD5
1edad4f1177b52e7623454c1a1fe3f44

SHA1
259d46213f86259a61ca3f3b7e0adf4696a3febd

SHA256
f5aeb85d784d21abf670e0f616d1246b7d870897ab8cbd0704d02bf69e6871f8

SHA512
13065eb0581664a1c4c7cdda9c5bd6d40263c7e68c71a3a0d079d2253dfcc9667bd76c66d6e457b02a3396c95271fb2bbd84cb2ee7a7487a43101417a8541384

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe

Filesize
468KB

MD5
da35d353b9291ca9ebbb25e70d6cea7e

SHA1
55869e1891c63b5eb7d43b1ad8e67ed3fe0b5713

SHA256
13bf7a853768c7f6a863e7263768f36e94acc16145b89d824f414c6702beb3ba

SHA512
b9752ea2e848d94d5db955afbb013c1198d64747160641c57bfda4a9f74d1e84fb0857f11ab80047d47179122e2a60220eff217ae7c2460d0bb8b1c301046721

Download Submit
memory/220-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/232-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/456-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/732-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/836-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/840-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/848-2751-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/848-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1168-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1216-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1412-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1424-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1452-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1668-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1764-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1768-2752-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1908-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2044-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2068-115-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2100-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2112-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2160-152-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2180-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2208-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2212-478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2308-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2464-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2612-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2716-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2740-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2756-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2920-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2968-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2980-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3020-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3076-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3112-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3124-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3460-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3492-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3500-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3608-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3696-66-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3720-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3852-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3912-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3924-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4036-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4064-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4068-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4136-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4304-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4312-124-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4432-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4440-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4448-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4484-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4520-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4576-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4580-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4640-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4656-436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4664-48-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4720-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4808-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4812-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4856-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4980-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5016-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5072-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5128-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-485-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5232-493-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5256-520-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5264-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5288-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5296-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5304-523-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5312-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5320-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5336-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5344-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5364-542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5368-543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5548-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5560-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5660-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5680-553-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16968-2743-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads