c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066

Analysis

max time kernel
147s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe
Size

468KB
MD5

3fc9e798ef82d6c4ba22ac6e9e5dfc4d
SHA1

260d0f7d4be6d4ac44029a741625afc5a2fceb85
SHA256

c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066
SHA512

d91bd11ac19af308c7f90c1873db1b08c4e18c43b393fe34a80175be309c2ebb8f48d65c283fac395402c6c597584df18a072a4eedf930b39201493153b6c815
SSDEEP

3072:f6Z0oNpdj05+4AYJP00jff8/EgYFtIpCImHexVpg5Aj3uGyekvlT:f6Koh8+4fPRjffv0/i5A7tyek

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
996	Unicorn-54917.exe
748	Unicorn-52530.exe
1296	Unicorn-48809.exe
2744	Unicorn-19189.exe
4560	Unicorn-51020.exe
5076	Unicorn-22562.exe
3240	Unicorn-32959.exe
3680	Unicorn-22661.exe
3144	Unicorn-52489.exe
3644	Unicorn-39106.exe
3316	Unicorn-17979.exe
3600	Unicorn-41794.exe
4436	Unicorn-34402.exe
4280	Unicorn-41410.exe
1568	Unicorn-8088.exe
232	Unicorn-35349.exe
696	Unicorn-49033.exe
4368	Unicorn-2977.exe
4644	Unicorn-13375.exe
4580	Unicorn-20741.exe
544	Unicorn-49884.exe
3800	Unicorn-26997.exe
3228	Unicorn-42876.exe
1816	Unicorn-27298.exe
1376	Unicorn-59093.exe
2740	Unicorn-6363.exe
5000	Unicorn-20287.exe
4880	Unicorn-60629.exe
1844	Unicorn-40763.exe
1228	Unicorn-20783.exe
4464	Unicorn-12004.exe
1444	Unicorn-56130.exe
4640	Unicorn-35003.exe
3300	Unicorn-22690.exe
808	Unicorn-64499.exe
5012	Unicorn-54978.exe
2124	Unicorn-21656.exe
624	Unicorn-21787.exe
2100	Unicorn-37416.exe
2120	Unicorn-56898.exe
4216	Unicorn-36779.exe
2068	Unicorn-52003.exe
516	Unicorn-51916.exe
368	Unicorn-40453.exe
2800	Unicorn-27515.exe
628	Unicorn-63068.exe
1064	Unicorn-17397.exe
1204	Unicorn-33157.exe
4432	Unicorn-34226.exe
768	Unicorn-51059.exe
1812	Unicorn-49301.exe
964	Unicorn-16245.exe
2620	Unicorn-64869.exe
2036	Unicorn-28667.exe
3312	Unicorn-32306.exe
3836	Unicorn-868.exe
1960	Unicorn-8466.exe
2192	Unicorn-19736.exe
1040	Unicorn-57189.exe
4532	Unicorn-24325.exe
3972	Unicorn-12907.exe
4424	Unicorn-26523.exe
2624	Unicorn-19234.exe
448	Unicorn-44117.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
8560	5744	WerFault.exe	210
18880	7812	WerFault.exe	829
18872	8028	WerFault.exe	826
18904	14652	WerFault.exe	906

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21224.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18604	dwm.exe
Token: SeChangeNotifyPrivilege	18604	dwm.exe
Token: 33	18604	dwm.exe
Token: SeIncBasePriorityPrivilege	18604	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe
996	Unicorn-54917.exe
748	Unicorn-52530.exe
1296	Unicorn-48809.exe
2744	Unicorn-19189.exe
4560	Unicorn-51020.exe
5076	Unicorn-22562.exe
3240	Unicorn-32959.exe
3680	Unicorn-22661.exe
3144	Unicorn-52489.exe
3644	Unicorn-39106.exe
3600	Unicorn-41794.exe
4436	Unicorn-34402.exe
3316	Unicorn-17979.exe
1568	Unicorn-8088.exe
4280	Unicorn-41410.exe
232	Unicorn-35349.exe
696	Unicorn-49033.exe
4644	Unicorn-13375.exe
4368	Unicorn-2977.exe
4580	Unicorn-20741.exe
544	Unicorn-49884.exe
3800	Unicorn-26997.exe
3228	Unicorn-42876.exe
5000	Unicorn-20287.exe
4880	Unicorn-60629.exe
1816	Unicorn-27298.exe
1376	Unicorn-59093.exe
2740	Unicorn-6363.exe
1228	Unicorn-20783.exe
4464	Unicorn-12004.exe
1844	Unicorn-40763.exe
1444	Unicorn-56130.exe
4640	Unicorn-35003.exe
3300	Unicorn-22690.exe
808	Unicorn-64499.exe
624	Unicorn-21787.exe
5012	Unicorn-54978.exe
2124	Unicorn-21656.exe
2100	Unicorn-37416.exe
4216	Unicorn-36779.exe
2120	Unicorn-56898.exe
2068	Unicorn-52003.exe
516	Unicorn-51916.exe
368	Unicorn-40453.exe
628	Unicorn-63068.exe
1064	Unicorn-17397.exe
768	Unicorn-51059.exe
964	Unicorn-16245.exe
2620	Unicorn-64869.exe
2036	Unicorn-28667.exe
3312	Unicorn-32306.exe
4432	Unicorn-34226.exe
1812	Unicorn-49301.exe
1040	Unicorn-57189.exe
2800	Unicorn-27515.exe
2192	Unicorn-19736.exe
1204	Unicorn-33157.exe
448	Unicorn-44117.exe
4220	Unicorn-46914.exe
4348	Unicorn-37983.exe
3728	Unicorn-38859.exe
3552	Unicorn-53468.exe
1300	Unicorn-26546.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 996	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	87
PID 224 wrote to memory of 996	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	87
PID 224 wrote to memory of 996	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	87
PID 996 wrote to memory of 748	996	Unicorn-54917.exe	92
PID 996 wrote to memory of 748	996	Unicorn-54917.exe	92
PID 996 wrote to memory of 748	996	Unicorn-54917.exe	92
PID 224 wrote to memory of 1296	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	93
PID 224 wrote to memory of 1296	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	93
PID 224 wrote to memory of 1296	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	93
PID 748 wrote to memory of 2744	748	Unicorn-52530.exe	95
PID 748 wrote to memory of 2744	748	Unicorn-52530.exe	95
PID 748 wrote to memory of 2744	748	Unicorn-52530.exe	95
PID 996 wrote to memory of 4560	996	Unicorn-54917.exe	96
PID 996 wrote to memory of 4560	996	Unicorn-54917.exe	96
PID 996 wrote to memory of 4560	996	Unicorn-54917.exe	96
PID 1296 wrote to memory of 5076	1296	Unicorn-48809.exe	97
PID 1296 wrote to memory of 5076	1296	Unicorn-48809.exe	97
PID 1296 wrote to memory of 5076	1296	Unicorn-48809.exe	97
PID 224 wrote to memory of 3240	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	98
PID 224 wrote to memory of 3240	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	98
PID 224 wrote to memory of 3240	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	98
PID 2744 wrote to memory of 3680	2744	Unicorn-19189.exe	101
PID 2744 wrote to memory of 3680	2744	Unicorn-19189.exe	101
PID 2744 wrote to memory of 3680	2744	Unicorn-19189.exe	101
PID 748 wrote to memory of 3144	748	Unicorn-52530.exe	102
PID 748 wrote to memory of 3144	748	Unicorn-52530.exe	102
PID 748 wrote to memory of 3144	748	Unicorn-52530.exe	102
PID 5076 wrote to memory of 3644	5076	Unicorn-22562.exe	103
PID 5076 wrote to memory of 3644	5076	Unicorn-22562.exe	103
PID 5076 wrote to memory of 3644	5076	Unicorn-22562.exe	103
PID 1296 wrote to memory of 3316	1296	Unicorn-48809.exe	104
PID 1296 wrote to memory of 3316	1296	Unicorn-48809.exe	104
PID 1296 wrote to memory of 3316	1296	Unicorn-48809.exe	104
PID 4560 wrote to memory of 3600	4560	Unicorn-51020.exe	105
PID 4560 wrote to memory of 3600	4560	Unicorn-51020.exe	105
PID 4560 wrote to memory of 3600	4560	Unicorn-51020.exe	105
PID 996 wrote to memory of 4436	996	Unicorn-54917.exe	106
PID 996 wrote to memory of 4436	996	Unicorn-54917.exe	106
PID 996 wrote to memory of 4436	996	Unicorn-54917.exe	106
PID 3240 wrote to memory of 4280	3240	Unicorn-32959.exe	107
PID 3240 wrote to memory of 4280	3240	Unicorn-32959.exe	107
PID 3240 wrote to memory of 4280	3240	Unicorn-32959.exe	107
PID 224 wrote to memory of 1568	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	108
PID 224 wrote to memory of 1568	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	108
PID 224 wrote to memory of 1568	224	c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe	108
PID 3680 wrote to memory of 232	3680	Unicorn-22661.exe	109
PID 3680 wrote to memory of 232	3680	Unicorn-22661.exe	109
PID 3680 wrote to memory of 232	3680	Unicorn-22661.exe	109
PID 2744 wrote to memory of 696	2744	Unicorn-19189.exe	110
PID 2744 wrote to memory of 696	2744	Unicorn-19189.exe	110
PID 2744 wrote to memory of 696	2744	Unicorn-19189.exe	110
PID 3144 wrote to memory of 4368	3144	Unicorn-52489.exe	111
PID 3144 wrote to memory of 4368	3144	Unicorn-52489.exe	111
PID 3144 wrote to memory of 4368	3144	Unicorn-52489.exe	111
PID 748 wrote to memory of 4644	748	Unicorn-52530.exe	112
PID 748 wrote to memory of 4644	748	Unicorn-52530.exe	112
PID 748 wrote to memory of 4644	748	Unicorn-52530.exe	112
PID 3644 wrote to memory of 4580	3644	Unicorn-39106.exe	113
PID 3644 wrote to memory of 4580	3644	Unicorn-39106.exe	113
PID 3644 wrote to memory of 4580	3644	Unicorn-39106.exe	113
PID 5076 wrote to memory of 544	5076	Unicorn-22562.exe	114
PID 5076 wrote to memory of 544	5076	Unicorn-22562.exe	114
PID 5076 wrote to memory of 544	5076	Unicorn-22562.exe	114
PID 4436 wrote to memory of 3800	4436	Unicorn-34402.exe	115

C:\Users\Admin\AppData\Local\Temp\c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe
"C:\Users\Admin\AppData\Local\Temp\c05550d0252a3e650cee40796b367d42e85932030626a2a92edf9643d4735066.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35349.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10170.exe
        10⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        10⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
        9⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        10⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        10⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        9⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        9⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        8⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38859.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
        9⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
        9⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58924.exe
        9⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        8⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        8⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49698.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46338.exe
        9⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        8⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
        8⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        7⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        9⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        9⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        9⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        8⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        8⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        8⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        8⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        7⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6959.exe
        6⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        8⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        9⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        9⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47555.exe
        9⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        9⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        10⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8402.exe
        9⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        7⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        7⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        6⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
        6⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22690.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24325.exe
        7⤵
        Executes dropped EXE
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
        8⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
        9⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4539.exe
        9⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        8⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
        8⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe
        8⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        7⤵
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        7⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
        7⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        7⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35858.exe
        7⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        6⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        9⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        9⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        10⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        8⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        8⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        7⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63401.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        7⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 724
        7⤵
        Program crash
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        7⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
        7⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54128.exe
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58540.exe
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        5⤵
        
        PID:32
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        7⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
        6⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
        5⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        6⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        5⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14650.exe
        5⤵
        
        PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        9⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
        9⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        8⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        8⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        8⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
        8⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        8⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
        8⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        8⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        7⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        7⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        8⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        6⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        7⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
        7⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        6⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37416.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        6⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        9⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        9⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe
        8⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57276.exe
        7⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
        8⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        8⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        7⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
        8⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10415.exe
        7⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        7⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        7⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        6⤵
        
        PID:15172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
        5⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61186.exe
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        7⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        6⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        7⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
        6⤵
        
        PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51017.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        5⤵
        
        PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54978.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
        6⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        8⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        9⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
        9⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        8⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        8⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        8⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        8⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        8⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        8⤵
        
        PID:18588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42307.exe
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        6⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        7⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
        7⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        6⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36583.exe
        7⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        5⤵
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        8⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        8⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        7⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58400.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
        5⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        5⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        5⤵
        
        PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        7⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        8⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        8⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        7⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42242.exe
        8⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        7⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        7⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        6⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
        6⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        5⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24095.exe
        5⤵
        
        PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        6⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        7⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31730.exe
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
        5⤵
        
        PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24059.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
        6⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        6⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        5⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        6⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9524.exe
      4⤵
      PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        5⤵
        
        PID:15560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
      4⤵
      PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        5⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        5⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        5⤵
        
        PID:8028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 72
        6⤵
        Program crash
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
        5⤵
        
        PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57632.exe
      4⤵
      PID:9664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
      4⤵
      PID:6848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
        8⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        9⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        7⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        9⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        8⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        7⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18530.exe
        6⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        7⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
        6⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
        7⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        8⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
        9⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
        8⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
        8⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        8⤵
        
        PID:18788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        7⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        7⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38307.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        6⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        6⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        5⤵
        
        PID:16012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11153.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        7⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        7⤵
        
        PID:14652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14652 -s 72
        8⤵
        Program crash
        
        PID:18904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        6⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        8⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        7⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        7⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
        8⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        7⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
        6⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
        7⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        6⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        6⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
        5⤵
        
        PID:9948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
        5⤵
        
        PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
      4⤵
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        6⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        6⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        5⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
        5⤵
        
        PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22821.exe
        5⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        6⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        5⤵
        
        PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
      4⤵
      PID:8792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe
      4⤵
      PID:10536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
      4⤵
      PID:16156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34402.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33035.exe
        7⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        6⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        7⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        7⤵
        
        PID:18552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        6⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        6⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        7⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        6⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        5⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
        6⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        5⤵
        
        PID:15980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27515.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        6⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        6⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25976.exe
        7⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        6⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61132.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        6⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
      4⤵
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
      4⤵
      PID:14468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-868.exe
      4⤵
      Executes dropped EXE
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        6⤵
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        5⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        6⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        5⤵
        
        PID:8516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        5⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        5⤵
        
        PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
      4⤵
      PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        5⤵
        
        PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
      4⤵
      PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
      4⤵
      PID:14688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
        5⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
        6⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        5⤵
        
        PID:14508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
      4⤵
      PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
      4⤵
      PID:7812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 72
        5⤵
        Program crash
        
        PID:18880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
    3⤵
    PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
      4⤵
      PID:15720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
    3⤵
    PID:8932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
    3⤵
    PID:11620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
    3⤵
    PID:16104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        7⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        8⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        9⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        8⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56245.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        9⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        8⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        8⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53225.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53059.exe
        7⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27768.exe
        7⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
        8⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        9⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        9⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        8⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        8⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        9⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        8⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        7⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        7⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
        8⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        9⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        8⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        7⤵
        
        PID:18356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55154.exe
        7⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        6⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51157.exe
        8⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        7⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
        6⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        6⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        6⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        5⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe
        6⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        7⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        7⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        7⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        6⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        5⤵
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46914.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
        9⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        8⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
        8⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
        8⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        9⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42728.exe
        8⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
        8⤵
        
        PID:18800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39586.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        9⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        9⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
        8⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        9⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        8⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        8⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        8⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        7⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62850.exe
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        8⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        7⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        6⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        5⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        8⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        7⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        7⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        6⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
        7⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3060.exe
        8⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        7⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        6⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        7⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
        7⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        7⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        7⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        7⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        5⤵
        
        PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18949.exe
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        7⤵
        
        PID:17016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33106.exe
        6⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        5⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        5⤵
        
        PID:15820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
      4⤵
      PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        6⤵
        
        PID:15976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        5⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        5⤵
        
        PID:18344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32568.exe
        5⤵
        
        PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
      4⤵
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
      4⤵
      PID:14548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29387.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        7⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        6⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12033.exe
        7⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        6⤵
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4228.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39712.exe
        7⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
        6⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        6⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44313.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe
        5⤵
        
        PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58882.exe
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        7⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        6⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        7⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        6⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10415.exe
        5⤵
        
        PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
      4⤵
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        5⤵
        
        PID:13528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
      4⤵
      PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
      4⤵
      PID:14676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        6⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        7⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        7⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
        6⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        6⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        5⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
        6⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18210.exe
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
      4⤵
      PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        5⤵
        
        PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43024.exe
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
      4⤵
      PID:14624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
        5⤵
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        5⤵
        
        PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
      4⤵
      PID:10592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
      4⤵
      PID:14444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
    3⤵
    PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39029.exe
        5⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        6⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        5⤵
        
        PID:14588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
      4⤵
      PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        5⤵
        
        PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
      4⤵
      PID:16728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
    3⤵
    PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
      4⤵
      PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
      4⤵
      PID:16120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12033.exe
    3⤵
    PID:9872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
    3⤵
    PID:13384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
    3⤵
    PID:16964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41410.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        6⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
        10⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        9⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        9⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        9⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        8⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
        9⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        9⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39698.exe
        8⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        7⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        6⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
        7⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        6⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59682.exe
        6⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
        7⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        6⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        6⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47093.exe
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        8⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45852.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        7⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        7⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        6⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        6⤵
        
        PID:18736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6929.exe
        8⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
        9⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        8⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        8⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        7⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        6⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43634.exe
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        7⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26745.exe
        6⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        6⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        7⤵
        
        PID:17012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        6⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30821.exe
        5⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        5⤵
        
        PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
        6⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        7⤵
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        6⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
        5⤵
        
        PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
      4⤵
      PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        5⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
      4⤵
      PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50021.exe
      4⤵
      PID:8032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19234.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
        6⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        6⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        6⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
        6⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        7⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        5⤵
        
        PID:656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51052.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
        5⤵
        
        PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
      4⤵
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        5⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        5⤵
        
        PID:18848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
      4⤵
      PID:6704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4340.exe
      4⤵
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        7⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        7⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        6⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
        5⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36050.exe
        6⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        5⤵
        
        PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        5⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
        5⤵
        
        PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
      4⤵
      PID:9656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
      4⤵
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
      4⤵
      PID:12648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
      4⤵
      PID:14048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
      4⤵
      PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49091.exe
      4⤵
      PID:18620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55772.exe
    3⤵
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15973.exe
        5⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        6⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        5⤵
        
        PID:15628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
      4⤵
      PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56690.exe
        5⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
      4⤵
      PID:16748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
      4⤵
      PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
      4⤵
      PID:13216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
    3⤵
    PID:8456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
    3⤵
    PID:12080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
    3⤵
    PID:15096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        6⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        7⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        6⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        6⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        5⤵
        
        PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
      4⤵
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35627.exe
        5⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18802.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58238.exe
        6⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        5⤵
        
        PID:17000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
        5⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        6⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
        5⤵
        
        PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
      4⤵
      PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-482.exe
      4⤵
      PID:7420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
    3⤵
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        6⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15583.exe
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
      4⤵
      PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
        5⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
      4⤵
      PID:10456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
      4⤵
      PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
      4⤵
      PID:15440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62595.exe
    3⤵
    PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
      4⤵
      PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
    3⤵
    PID:11716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
    3⤵
    PID:16004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        5⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-411.exe
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        5⤵
        
        PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20597.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        5⤵
        
        PID:13040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
      4⤵
      PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58924.exe
      4⤵
      PID:14340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
    3⤵
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
      4⤵
      PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        5⤵
        
        PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
      4⤵
      PID:11760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
      4⤵
      PID:16040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
    3⤵
    PID:7196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
    3⤵
    PID:10484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
    3⤵
    PID:14476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
    3⤵
    PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15816.exe
      4⤵
      PID:15300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
    3⤵
    PID:9748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
    3⤵
    PID:11392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17051.exe
    3⤵
    PID:14364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65362.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65362.exe
  2⤵
  PID:5680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
    3⤵
    PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
      4⤵
      PID:14564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
    3⤵
    PID:10732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
    3⤵
    PID:6728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
  2⤵
  PID:6460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
    3⤵
    PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
      4⤵
      PID:15532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
    3⤵
    PID:9116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
  2⤵
  PID:9072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
    3⤵
    PID:9224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
    3⤵
    PID:14348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
  2⤵
  PID:408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
    3⤵
    PID:9136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59217.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59217.exe
  2⤵
  PID:11680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
    3⤵
    PID:15088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
  2⤵
  PID:12960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49009.exe
  2⤵
  PID:7940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
  2⤵
  PID:18780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5744 -ip 5744
1⤵
PID:8392

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe

Filesize
468KB

MD5
65f83a16c651338092c6c77ce22014e9

SHA1
37f77f288ab7420f63cf6d6699a2054f5e637518

SHA256
47dd78756f92ee44cf446c6462ec5a427d6c20a1d5c5656121410b49332d5030

SHA512
a3f45574697ec402eebfd742eefea96a5802ba54b566f8e80496cfd5c930a526c1fdcce05690ae86ccf73bd9c5b519cc362b8f676e614741e87ccf03cfe8d0ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe

Filesize
468KB

MD5
8fa4873c7adb198a39c4a67fb7ab8642

SHA1
9d16e208088d7f1b115f15aa5d43d15dfd9b4d41

SHA256
fd15e6ac884d87bd72e0b48f32972db899d4ae005965c04e9a1b09dbefe0a8eb

SHA512
cd918727e90909f479a7c434c7ee9000eb7e99d8326c216e16d25ed83f808ed0ca8d7146e15e58782924e502785c52896ade41cdd6efbc3f46a17a41a7467525

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe

Filesize
468KB

MD5
8219ef9274b68e2abde28e607d8eeac1

SHA1
03e237c9b757928fbd264d4e8f4be0589b8e56f5

SHA256
03a82c609b318d5967c01703eef7e2d181b4a97e775668a31341a58c6d31b076

SHA512
da0a1290da7bd8bcb574be105d9aab030e3778df7106835b6a62a112622b41ea7158e21da8bd32216e544d1372d0b1169601b3d0ea542bc9de07759393c40269

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe

Filesize
468KB

MD5
84a930ef250f065534883fa6b8f60bf4

SHA1
d15d8c0d90f15a3d27fcad0c970d0eaaf38d7da4

SHA256
74521706e6eacd3c5f28ac445412a03be41b39f7c87d33bb092bc9a4a73c7c9a

SHA512
7fe7b5b977bbe881b8f30a6c0ffe652c561bf1f7e00d9a7ff74531ad03669742797ef41f9cf6876f8fc2e2e89a809ea7124d4c8e40efd1a07f2882f7daa0c0f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe

Filesize
468KB

MD5
2eafa13e65191c29e21f5b497664a6ff

SHA1
c5368d233d6b97510cc45934ff691fc39063bb52

SHA256
ade1bd6f9e7cedd03f2b6a07f0fb2a6a2e11a08564dd4b0d053ff0511c8ac11b

SHA512
49ee4dbc820c73ef4585f897cc31613d7f4d78aeeced3781951e65cc24df23939e6eb94b88fd9f959fadb969f3c39ba13c9a1e84ac441483fcf62b0beeb5602d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe

Filesize
468KB

MD5
fe65c375064f49a872166601cfc11204

SHA1
1d1772237e547600c03c27d335dfbd10366f5038

SHA256
70081fc828e510431bca9248f0b75e5c7ce6b4eb5aeeb615c3eece1f0eb5419c

SHA512
77be41071a5d080aecc5b5a2dfedba47f14f43cf5c314ad57565e208df7007580e8a529b5cb972ad7994d1a5ad02777cde9d06dffb2677a4e8f2cf02c1de0d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe

Filesize
468KB

MD5
aca921a3d5807d6782159ab21be90b98

SHA1
4593dddf387de6bd77091d0047cb0dd01a8fb09f

SHA256
dd1cafef38eaa0beec98df3844f8fdd67b9932df9552e643087364ff6c9934dd

SHA512
8308f3f8c1100c0b7451d75010d71e94fad29291c5125916202dccd5854f3ca8d4fa0b18e3689233a9b8ae0eab6d63b9828e877ab55b6640f5c318aaa4ae2ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe

Filesize
468KB

MD5
b4bbb7c509e4d8a581b4d7d54c945764

SHA1
3586dd9ee39b44acf794664fb69421a512202356

SHA256
b3979d12223c6e4d3c67605f38acb2a14988ee3fc39ae6b90ee6c07df2ed52d4

SHA512
9eeedb2ea840d3cc17183492ae4cfff21eef405eee24898abf3f0a161c2d6924273a55624eb1c85eb3b4e9dd2ea3e601661c0698c78215583f3a1c6dca2ced80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe

Filesize
468KB

MD5
7dd5365afdb35043e746bb60b278f05a

SHA1
e576ed457d3339883a7261d9d91ee0bab68cad0d

SHA256
c92f271b345bcb1e611207b9f70b0e61c1bb4d5c0714ac2c4305264209063f8e

SHA512
9c564feaa48a0c114d0195d8215b7c245a6161688c72a711a8319e67381beef2adad75292150098e1fe53a0cf5cb9c23e48edca3fdd2863866e4b7426faf18f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe

Filesize
468KB

MD5
0a43568d91a10a43b9b0e7d732cb96e4

SHA1
679bf43183cc7d20bf0900e0a861b8be687b5239

SHA256
3e7286f2fc9fc5bb8c6f0c36f134bd7e30ed38bea45876f0897aacd7119453b9

SHA512
f2aee33758021dd88713ce143e7a1dd13f4099bf1aa175497b93425a964002fa085bcded835bd98c4602a2914ea8a632e692064447367504e0ba1f134135b0e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe

Filesize
468KB

MD5
054b69ccb280ea78be54f68444b7dffb

SHA1
c9543dba8d2e8d7f40e797bcef8ba3fd87bb67c6

SHA256
07abd3469ffa95d24eeced6968b34761b8e2ea037865c2f34af6d35c9f5071e9

SHA512
ac6a62c73a77bcc85c7e73f66dc2467f7c1e155fc378b6254b666b39b87f19abc2ad057444b09f3ba78b08d2bcf0b2e9c47eb37abea03f00b23f23ab3c6a3a01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe

Filesize
468KB

MD5
488b5ed77cf38565bcfa680cbff741b7

SHA1
80ea7fb167bf97d520d3eb2e86f01ac208e5153d

SHA256
2ce08ba8a9ff66bce38a8f752b3760d2b6850561711cbddd6d94db5a8a1723bd

SHA512
708f837e4cc6172f6c98aa0ae4c95956b7c64473c997d872f1b2f14942d95bb59d174c8f5dd0788eb49bfa7ec8440d2c8a3f2419c7fa63e43c5a4ae4ae52b53c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2977.exe

Filesize
468KB

MD5
0e3241a7f59b286e34968cc7752b7b63

SHA1
c4e922d5d6987dca71dc42297661073250c77d60

SHA256
9a96652fd91b28e98dc1fae83317f77812c3244aafe600294dbcf9d59f30feb6

SHA512
da613e785c246724defa38f9039f834a446c0ef03d420ca51b47439756751e39e74aad94d640c82cae8f1db14c8ef93f9ebec398aa490629f941a3c9553c0007

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe

Filesize
468KB

MD5
923901821af15688f2144877b75d2eaf

SHA1
04f2454a38184ab1214fd28b52e0ede96eb72821

SHA256
749563212036364a6ba43bb4afc9d9319d09206efcbc99a7e0cbc0ea38474ea2

SHA512
c3751935e48e0ac54d3ec309842eb7b7502174a77d14a5185130b60bfc35ce54819b0dd95f6c1aad2ea3b0c16ebe040d1514c52ef89354c3f41fc3455c501da3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34402.exe

Filesize
468KB

MD5
0e89d8a900546ec77e7855bbf0a30119

SHA1
e9f6707958b64d20fb7e80f9878fe363a1722bad

SHA256
9823281465c54b01ed3e101ad3033fe36c5be5dd1b5a615f7e4673a4bb836d99

SHA512
18ddb37247d818bd9aeb1cb102b7db36fe1106ca61f442d4385c29fd84d00d46ee3f05fd82fd9069d972990f2b7387b6f9160700ac96134ea1de2733c978e3c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35349.exe

Filesize
468KB

MD5
8e187b2c30cc8e8797c7f6c435f974a3

SHA1
b90d016a500cb8da93cdea7525698c5bcb672616

SHA256
5bf1834d3345d966b33f17a6cce2febf495c08a206c5326d416a2a8f9b435fc9

SHA512
b14a2732557eff6795d5a4fa6edd0fc03d9942f8ad800d3fd28fb4919a422e86d0c2ed1ddd7750f9dbcab799091d97093875b9b6270c8c7aecf0c627ed260c96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe

Filesize
468KB

MD5
2a5d86a58808f2d568868945922f6455

SHA1
5dc8856b3514bc4298429f7441d02096f68400fb

SHA256
ce522923eab13638537cbb40b9c83b2af8b9f699f26c8a3332023846a84c1845

SHA512
9c0642b760bd1f609350fceac57128755af81ee7b9936900112635f6fd785b61c4daf84e6da7dc9d9487d86a2e1096670a7d0931c973acadaf28abeb8e1ebdc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe

Filesize
468KB

MD5
a5cd70cb95bd5e6f67c939cd8b09a2f1

SHA1
a842ab08fe36ef908a47480902056fb8cab8604f

SHA256
691df33b29ec0d0615ec345564319bfed76b6979aad121e20f7bfa9f5ed04056

SHA512
f148e81d8ad925173a1b8e67a0b418c41a54b4d56d5ac5b287bafaaa7055e71792096cbd6e9dccb163481a621a480e9f7ddd46d6bb249e2973ecc105f2722ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41410.exe

Filesize
468KB

MD5
717d1eb06733c4ecf802784e76ef4305

SHA1
80f0db862f61184f71d723c5bc3728a8a1b7c7bb

SHA256
dd8d25bde26b5258e720a7ea40d447ec203182d39aa4e8ef42761f6abfc22a6d

SHA512
4d675e960931a9ffcab29e62d87b1aebc28f47640b883a9e72b9465d02935a1051d3510090bbe9e3f6c624a1242ecac34bdc0dc4849fb6b8c449deebdf4b73ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe

Filesize
468KB

MD5
f2b46c5213c4616a4a8734a05348271f

SHA1
336df65f144cda9922eb11939170824534f30b0c

SHA256
0ddd9b11ee937720a059e4f5a69274ac492eb5027a7ad89730b8bd4ede102ba7

SHA512
3c17efd06e944ae7243995cb17d4bfc5933926cff9a973e37bb606d6d278751d9e7a7ef840af5e0b81ea1742cfaf1a0e54c3b34934f92373b33bf3d10029992c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe

Filesize
468KB

MD5
e8570c4acccb1a55154319f3cc1122af

SHA1
fd1d492775c1f4a03baebed809891e0642596535

SHA256
fa886599b5af8cb52e1853d171cd3d8d5a2a92bc627e1af1cf416fb22b0b5026

SHA512
77e6a125fc7a675e578dc5246fc970d8c54f37d3a682aa9b693c7170a991e675dec8ff8b0344f52b1878d26bf07d5c812c8e59f63efea88ab147a48382728f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe

Filesize
468KB

MD5
dd7b5ad32e5e7db195f55dfedd687e86

SHA1
5b233724cb69d5ca291fbba12f4cd2fa59aff5f5

SHA256
9394db31a9d46cd1fc2fae00e011e43d294a41b9f20a5d8f1c8e12c3138f91da

SHA512
ef690ea9daaf65f6d6b4617261982ef499e0755c5788540e2733d98eba43d5f7c98229cf4bc7b63b35a2c64673c747d9dff634f15f06b59c6094ed6cc0b40895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe

Filesize
468KB

MD5
68990160f4185e792b6e680fca39f0a4

SHA1
2c3348dda901b2cc55fc4c74d8fd002b65095286

SHA256
618cf410c563a2f3ba1939c3bf6ac4b1525dc7311a977ae02b8ac0bc554d6f42

SHA512
f88de89d7291a9c962e086e6d00e4f2a118a3955d9d2a8c9f7d30ccb39f1b3efb862172668d6dc39972d7d45030a14ffb7d81f8c6d128203efb17f0c1e51f2e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe

Filesize
468KB

MD5
f244d4a1b81b5c3fb0301721d7da64fa

SHA1
3c4a0e7dc0e79f094cff5fe4bf5410297ec8651d

SHA256
5e5dc98c4c6aae6ca72977b0baa41370b52de9c29acbbfae0a8d6ff072ed2bd6

SHA512
d996dca403e41139176706d03d0d4ea7feeeb7fccdc0b0c96000b4a861df142d9e5e35eba9e50ca4e879c2e6c2210d6ad969b2f7c6be3b33a20a76b33b1367bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe

Filesize
468KB

MD5
57c10a266cb9824e34bb6846cdb2536e

SHA1
2423e8bda8679cc38d9bcbfddefe6e64b98cd223

SHA256
75ad55787d6f68b78a4e9036c1dc9520bc6682223f23bbf88e042d031ce6adf2

SHA512
9557e47345d65c596fcc05d8ac66925fb801f3c6070406ccef7251235f7d6147ce84c09dd5c1eb2d9b0011963694423838e9339f872274bdb7acf25f7a02e135

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe

Filesize
468KB

MD5
61cbd4db3554bb4f9d1f40b2e1edb838

SHA1
009a4a1789c1713a94c3330ed888368be1f7e237

SHA256
c6d0397aeadd0d5d99d3ba525efcd67780d6c9b8e849eea4622cf08432eaf424

SHA512
5a767112d389ccca3db82657e0f824ce58e3d8bf2b739cdd397c479d2e4c1aad18d637d30c9b4c134161e0b09585cdf2f9d2ebc9e7e89d846e8f9ee5ac4216f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe

Filesize
468KB

MD5
02e9e99346663376c69467dbbe1cbcd1

SHA1
aeee59b8f41ddd1a9fdb959abf5fc2daaa471b86

SHA256
7c497d2c1365754e9e79d5b48cdebd91949bcdc1346833b75efa4c86ce986c3e

SHA512
3891cb2c384e8fed027671f6f4539ec010b4a95eea81bf587b64c351f46ca5f2af778353060a469d0b9b6d41206b12d82801e713bbbf0b5f36639b27b689f9d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe

Filesize
468KB

MD5
07f5386412bc751457fe285fc88f78af

SHA1
b8a0425e6517762df0eba105505518dc8e1da8cd

SHA256
d2e76693238144b2722dec3f1deda54135b0e7227d31dfad3be4c3041657bb60

SHA512
bff30df14ebb69840861dc5eddcd8ad2000928cd994a1cc1405fb25ebdffdc2638b31389ce5e38b65e7dbb0bc205eac5d34ea3510a0bfca2733875377aeb0589

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe

Filesize
468KB

MD5
30d742fd0db1ee0136b8dd3219c2accf

SHA1
e03a83f1f55287d8adc9fbd253be99af88bcf65b

SHA256
bcfc94a27d7b9beda9838229158dfde51e0fb996e082449fd86b8d06417afe4f

SHA512
da575b804d5469e5ab69204ef13797893c5048135958deff1c97f045f7138936736c89b8137f688deee279a4589b95786412a6be93bbe5b59f0c4cb3b015c500

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe

Filesize
468KB

MD5
9b51ed688715bfbd2e8702f34b7dbc86

SHA1
0488dc3df753962e58be5523fe87d2455590f9b6

SHA256
59dbe1fbf02f54c7cc647e9cdb17d0f92a94fe41b5aa5b0dd98d68927330c236

SHA512
5830dbd337b794d2d506cf30ed9d1285cc4a1c03a21427a35840f0f51a31710b8a0bbad38478c1ac91d3518a05b93902a108718a870b7ad91427b7fa0bdf1322

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe

Filesize
468KB

MD5
30c72c3679187d079694d98c5b5e791d

SHA1
cbd4e3444220b311c27a2156e9e003d14f7142c4

SHA256
628a1dd16668be4f0e57fea6dfadd13e3d5d9099add7504270053a2aabe7657f

SHA512
a4366be9f5f8b118545fc50fe68475a778685109ad9c8d512661d727fa1139eda234805b17b41a81300b75964a63470952e457f5b7a62707e611064cd57616bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe

Filesize
468KB

MD5
02ef7809008d7775c0f9bd393a26ff05

SHA1
3ca7319ee659e71b9d80007f898a33c316903d24

SHA256
3883a1d295f2ba6498f081659cd9783cf058e5899c8c10887a732221fb79e5cd

SHA512
1bb2aceff87803b79d697281bec6ef86fffa10f5bdc602ce2140c827469b27b6e63a41aff53775de1ef871aa946294a5602b09fda4e05497daba56c5eccba569

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe

Filesize
468KB

MD5
4a07539eb0c49044b5ba3ec37be84bbd

SHA1
a27dc637b7b5fdd8df3cf1b38671229918a0d5e0

SHA256
dbf49950b52ccb44ff0d2fed044603060e9592a42b806f8f71a619e4cb715f89

SHA512
947e11217e751cab451464c019c081658a05e974786e9e87ec1f8a3d592ede7f9ee66c5795f715ef37e0179e7a5d96b5e3a680ce244210f300c36511431c4ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe

Filesize
468KB

MD5
f10c5331cf0abff33b7773eb7f93c568

SHA1
2f9c182330aa5aab93dfb2f866998ce7b05f22fd

SHA256
e2b5937013f6b02e1990202c69a3d17225fd4b862be3d5961ce5f60255ebd2f8

SHA512
d3cb3347d1f43c78f418f4e187c51627b4349ef605fa1db206460a660fcd88296d9c84d841e68e5ce2250accc7f5ca29e913c297cb5db42d611c62ca672c6a52

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads