f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe
Size

468KB
MD5

7db157d5f69fef03d055ebf76fd264a7
SHA1

3ddd114ddb0c536198b67efeaed5bba8591eb894
SHA256

f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c
SHA512

18098ea5b0d367c24faad6c6622e29eb83e4fde1759529718581c233d2c32c946b9629a4c6d4d42306a500e06282521fab206e3732f0cd0b2a654b0f0cec4783
SSDEEP

3072:4belogxuIU57tbYZPzcfmbfD/n2DnsXH9QmytQVqAmygkMi3ux0lp:4b4oWc7tCP4fmbfr3EwmyZD3ux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1584	Unicorn-47226.exe
4880	Unicorn-59810.exe
4808	Unicorn-48305.exe
3508	Unicorn-52514.exe
1548	Unicorn-41008.exe
3540	Unicorn-13711.exe
548	Unicorn-19842.exe
1440	Unicorn-5936.exe
4740	Unicorn-6201.exe
3828	Unicorn-47234.exe
644	Unicorn-62610.exe
1200	Unicorn-1904.exe
2928	Unicorn-56480.exe
4888	Unicorn-35064.exe
3656	Unicorn-16127.exe
3500	Unicorn-65210.exe
336	Unicorn-48688.exe
4920	Unicorn-16778.exe
880	Unicorn-29392.exe
3244	Unicorn-16586.exe
3044	Unicorn-16586.exe
1704	Unicorn-32922.exe
3604	Unicorn-46772.exe
1276	Unicorn-47037.exe
5068	Unicorn-27171.exe
3064	Unicorn-27171.exe
468	Unicorn-40907.exe
3008	Unicorn-6793.exe
4368	Unicorn-31298.exe
1856	Unicorn-39009.exe
5008	Unicorn-41312.exe
2548	Unicorn-9097.exe
4588	Unicorn-54577.exe
3552	Unicorn-8329.exe
2204	Unicorn-58489.exe
744	Unicorn-33986.exe
1916	Unicorn-3159.exe
4680	Unicorn-9289.exe
2552	Unicorn-47177.exe
2468	Unicorn-26202.exe
1528	Unicorn-26202.exe
3788	Unicorn-63513.exe
3820	Unicorn-44458.exe
1532	Unicorn-32760.exe
528	Unicorn-38136.exe
4644	Unicorn-44266.exe
3464	Unicorn-44266.exe
4464	Unicorn-60602.exe
3400	Unicorn-38712.exe
812	Unicorn-8064.exe
3156	Unicorn-24976.exe
3932	Unicorn-44577.exe
2088	Unicorn-35911.exe
1060	Unicorn-1033.exe
244	Unicorn-38152.exe
2544	Unicorn-1417.exe
2688	Unicorn-33633.exe
1748	Unicorn-1225.exe
3976	Unicorn-41106.exe
2004	Unicorn-15839.exe
2236	Unicorn-50706.exe
2412	Unicorn-5034.exe
4460	Unicorn-51696.exe
1776	Unicorn-57826.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
12812	8700	WerFault.exe	375
16724	8716	WerFault.exe	376
16344	9096	WerFault.exe	391

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34786.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17280	dwm.exe
Token: SeChangeNotifyPrivilege	17280	dwm.exe
Token: 33	17280	dwm.exe
Token: SeIncBasePriorityPrivilege	17280	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe
1584	Unicorn-47226.exe
4880	Unicorn-59810.exe
4808	Unicorn-48305.exe
3540	Unicorn-13711.exe
3508	Unicorn-52514.exe
548	Unicorn-19842.exe
1548	Unicorn-41008.exe
1440	Unicorn-5936.exe
4740	Unicorn-6201.exe
1200	Unicorn-1904.exe
3828	Unicorn-47234.exe
644	Unicorn-62610.exe
2928	Unicorn-56480.exe
4888	Unicorn-35064.exe
3656	Unicorn-16127.exe
3500	Unicorn-65210.exe
336	Unicorn-48688.exe
4920	Unicorn-16778.exe
3044	Unicorn-16586.exe
880	Unicorn-29392.exe
3244	Unicorn-16586.exe
3064	Unicorn-27171.exe
3604	Unicorn-46772.exe
1276	Unicorn-47037.exe
5068	Unicorn-27171.exe
468	Unicorn-40907.exe
3008	Unicorn-6793.exe
4368	Unicorn-31298.exe
5008	Unicorn-41312.exe
1856	Unicorn-39009.exe
4588	Unicorn-54577.exe
2548	Unicorn-9097.exe
3552	Unicorn-8329.exe
2204	Unicorn-58489.exe
744	Unicorn-33986.exe
1916	Unicorn-3159.exe
4680	Unicorn-9289.exe
1528	Unicorn-26202.exe
2552	Unicorn-47177.exe
2468	Unicorn-26202.exe
3788	Unicorn-63513.exe
4644	Unicorn-44266.exe
528	Unicorn-38136.exe
1532	Unicorn-32760.exe
3820	Unicorn-44458.exe
4464	Unicorn-60602.exe
3400	Unicorn-38712.exe
3156	Unicorn-24976.exe
3932	Unicorn-44577.exe
4876	Unicorn-3425.exe
3464	Unicorn-44266.exe
812	Unicorn-8064.exe
2088	Unicorn-35911.exe
1060	Unicorn-1033.exe
244	Unicorn-38152.exe
2544	Unicorn-1417.exe
2688	Unicorn-33633.exe
2004	Unicorn-15839.exe
1748	Unicorn-1225.exe
3976	Unicorn-41106.exe
2236	Unicorn-50706.exe
2412	Unicorn-5034.exe
1776	Unicorn-57826.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 1584	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	87
PID 856 wrote to memory of 1584	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	87
PID 856 wrote to memory of 1584	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	87
PID 1584 wrote to memory of 4880	1584	Unicorn-47226.exe	92
PID 1584 wrote to memory of 4880	1584	Unicorn-47226.exe	92
PID 1584 wrote to memory of 4880	1584	Unicorn-47226.exe	92
PID 856 wrote to memory of 4808	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	93
PID 856 wrote to memory of 4808	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	93
PID 856 wrote to memory of 4808	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	93
PID 4880 wrote to memory of 3508	4880	Unicorn-59810.exe	95
PID 4880 wrote to memory of 3508	4880	Unicorn-59810.exe	95
PID 4880 wrote to memory of 3508	4880	Unicorn-59810.exe	95
PID 1584 wrote to memory of 1548	1584	Unicorn-47226.exe	96
PID 1584 wrote to memory of 1548	1584	Unicorn-47226.exe	96
PID 1584 wrote to memory of 1548	1584	Unicorn-47226.exe	96
PID 856 wrote to memory of 3540	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	97
PID 856 wrote to memory of 3540	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	97
PID 856 wrote to memory of 3540	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	97
PID 4808 wrote to memory of 548	4808	Unicorn-48305.exe	98
PID 4808 wrote to memory of 548	4808	Unicorn-48305.exe	98
PID 4808 wrote to memory of 548	4808	Unicorn-48305.exe	98
PID 856 wrote to memory of 1440	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	101
PID 856 wrote to memory of 1440	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	101
PID 856 wrote to memory of 1440	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	101
PID 3540 wrote to memory of 4740	3540	Unicorn-13711.exe	102
PID 3540 wrote to memory of 4740	3540	Unicorn-13711.exe	102
PID 3540 wrote to memory of 4740	3540	Unicorn-13711.exe	102
PID 1548 wrote to memory of 3828	1548	Unicorn-41008.exe	103
PID 1548 wrote to memory of 3828	1548	Unicorn-41008.exe	103
PID 1548 wrote to memory of 3828	1548	Unicorn-41008.exe	103
PID 548 wrote to memory of 644	548	Unicorn-19842.exe	104
PID 548 wrote to memory of 644	548	Unicorn-19842.exe	104
PID 548 wrote to memory of 644	548	Unicorn-19842.exe	104
PID 4880 wrote to memory of 1200	4880	Unicorn-59810.exe	105
PID 4880 wrote to memory of 1200	4880	Unicorn-59810.exe	105
PID 4880 wrote to memory of 1200	4880	Unicorn-59810.exe	105
PID 1584 wrote to memory of 2928	1584	Unicorn-47226.exe	106
PID 1584 wrote to memory of 2928	1584	Unicorn-47226.exe	106
PID 1584 wrote to memory of 2928	1584	Unicorn-47226.exe	106
PID 3508 wrote to memory of 4888	3508	Unicorn-52514.exe	107
PID 3508 wrote to memory of 4888	3508	Unicorn-52514.exe	107
PID 3508 wrote to memory of 4888	3508	Unicorn-52514.exe	107
PID 4808 wrote to memory of 3656	4808	Unicorn-48305.exe	108
PID 4808 wrote to memory of 3656	4808	Unicorn-48305.exe	108
PID 4808 wrote to memory of 3656	4808	Unicorn-48305.exe	108
PID 1440 wrote to memory of 3500	1440	Unicorn-5936.exe	109
PID 1440 wrote to memory of 3500	1440	Unicorn-5936.exe	109
PID 1440 wrote to memory of 3500	1440	Unicorn-5936.exe	109
PID 856 wrote to memory of 336	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	110
PID 856 wrote to memory of 336	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	110
PID 856 wrote to memory of 336	856	f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe	110
PID 4740 wrote to memory of 4920	4740	Unicorn-6201.exe	111
PID 4740 wrote to memory of 4920	4740	Unicorn-6201.exe	111
PID 4740 wrote to memory of 4920	4740	Unicorn-6201.exe	111
PID 3540 wrote to memory of 880	3540	Unicorn-13711.exe	112
PID 3540 wrote to memory of 880	3540	Unicorn-13711.exe	112
PID 3540 wrote to memory of 880	3540	Unicorn-13711.exe	112
PID 1200 wrote to memory of 3244	1200	Unicorn-1904.exe	113
PID 1200 wrote to memory of 3244	1200	Unicorn-1904.exe	113
PID 1200 wrote to memory of 3244	1200	Unicorn-1904.exe	113
PID 3828 wrote to memory of 3044	3828	Unicorn-47234.exe	114
PID 3828 wrote to memory of 3044	3828	Unicorn-47234.exe	114
PID 3828 wrote to memory of 3044	3828	Unicorn-47234.exe	114
PID 2928 wrote to memory of 1704	2928	Unicorn-56480.exe	115

C:\Users\Admin\AppData\Local\Temp\f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe
"C:\Users\Admin\AppData\Local\Temp\f4a9d5521490cb580953fd2aaea6814838d6315a97b68f35ef9af857a771c57c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        9⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        10⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        10⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        10⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        9⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        9⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        9⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        10⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
        9⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
        8⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        8⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        8⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        8⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
        7⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        8⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        8⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        8⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49711.exe
        7⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        7⤵
        
        PID:17512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        6⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        8⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        9⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        8⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        8⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        8⤵
        
        PID:17200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        8⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
        7⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
        7⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
        7⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        6⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        6⤵
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
        7⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1457.exe
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        8⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        7⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        7⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
        7⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
        6⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        6⤵
        
        PID:16328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        6⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        6⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
        7⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        7⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        6⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        5⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        5⤵
        
        PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
        7⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65034.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        9⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        9⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        9⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
        9⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
        8⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        8⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        8⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        8⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        8⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        8⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        7⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        7⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        8⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17810.exe
        9⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4428.exe
        9⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        8⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56893.exe
        8⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
        7⤵
        
        PID:11340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21138.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        6⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        7⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        8⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        8⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29849.exe
        7⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        7⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        7⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
        6⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        6⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        7⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        7⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        7⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33487.exe
        6⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        6⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        6⤵
        
        PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        5⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16036.exe
        6⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        5⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        5⤵
        
        PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
        7⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        7⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        6⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        7⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        7⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        6⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
        6⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47104.exe
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
        6⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15615.exe
        5⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        5⤵
        
        PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
        5⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24786.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        8⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        8⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        7⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        7⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        7⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        6⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26440.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        6⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        6⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        6⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        6⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe
        5⤵
        
        PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29575.exe
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        6⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 488
        7⤵
        Program crash
        
        PID:16724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15243.exe
        6⤵
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        6⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
        5⤵
        
        PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21904.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
        5⤵
        
        PID:11236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        5⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
      4⤵
      PID:14548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        7⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        10⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        10⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        10⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        9⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
        10⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        9⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        9⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        9⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        8⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        9⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        9⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
        9⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        8⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        8⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        8⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        8⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        7⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46435.exe
        7⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49585.exe
        6⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        8⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        9⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        9⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
        9⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
        9⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        8⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        8⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        8⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        8⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        7⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        7⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
        7⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        6⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
        8⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        8⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        8⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49188.exe
        8⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
        7⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14264.exe
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        8⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
        8⤵
        
        PID:17552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        7⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        7⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23367.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        6⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        6⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
        5⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
        8⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        8⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        8⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22520.exe
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        7⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        6⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        6⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        6⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 488
        7⤵
        Program crash
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
        6⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        5⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        5⤵
        
        PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
        8⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        7⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        7⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56560.exe
        6⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        6⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3768.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        6⤵
        
        PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        5⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        5⤵
        
        PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38712.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        7⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        7⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        6⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20872.exe
        5⤵
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        6⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        5⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
        5⤵
        
        PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43042.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        6⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        6⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28576.exe
        5⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        5⤵
        
        PID:14464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35637.exe
        5⤵
        
        PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
        5⤵
        
        PID:15640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
      4⤵
      PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
      4⤵
      PID:17544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
      4⤵
      Executes dropped EXE
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        8⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        7⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        7⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48250.exe
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
        7⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        7⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        6⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        6⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        6⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        7⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        6⤵
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        6⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
        5⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
        5⤵
        
        PID:17440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        6⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        7⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40407.exe
        7⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
        7⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
        6⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        5⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
        5⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        5⤵
        
        PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        6⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
        5⤵
        
        PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1168.exe
      4⤵
      PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        5⤵
        
        PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
      4⤵
      PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
      4⤵
      PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
      4⤵
      PID:12608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
      4⤵
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        7⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        7⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        6⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        6⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        6⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        5⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        5⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40206.exe
        5⤵
        
        PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
        5⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        5⤵
        
        PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
      4⤵
      PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
      4⤵
      PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
      4⤵
      PID:10832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        5⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
        5⤵
        
        PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
      4⤵
      PID:9096
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 640
        5⤵
        Program crash
        
        PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
      4⤵
      PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
      4⤵
      PID:6860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
      4⤵
      PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
      4⤵
      PID:13068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
      4⤵
      PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
      4⤵
      PID:12624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
    3⤵
    PID:9060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23047.exe
    3⤵
    PID:12020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
        9⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        9⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        8⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        7⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        7⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        8⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36360.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
        7⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        7⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        8⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        8⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        7⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        7⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
        7⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
        6⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        7⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
        6⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16628.exe
        6⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        5⤵
        
        PID:13796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-369.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        8⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        8⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32197.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
        7⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
        7⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        6⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        7⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
        7⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44840.exe
        6⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
        6⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60289.exe
        5⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
        5⤵
        
        PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        6⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
        6⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20984.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56734.exe
        5⤵
        
        PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        5⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        5⤵
        
        PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
      4⤵
      PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        5⤵
        
        PID:15884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
      4⤵
      PID:14816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41106.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        8⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        8⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        8⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        7⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        7⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        6⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        7⤵
        
        PID:17220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        7⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41577.exe
        6⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
        6⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        6⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
        6⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41458.exe
        7⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3783.exe
        5⤵
        
        PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        7⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        7⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        6⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        6⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        6⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        5⤵
        
        PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50928.exe
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33776.exe
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1991.exe
        5⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21684.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
      4⤵
      PID:13804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        7⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        5⤵
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        6⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        5⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        5⤵
        
        PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8169.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        6⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        5⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        5⤵
        
        PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
      4⤵
      PID:6120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47335.exe
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        5⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
        5⤵
        
        PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
      4⤵
      PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
      4⤵
      PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
      4⤵
      PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2476.exe
      4⤵
      PID:17712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
    3⤵
    PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
      4⤵
      PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
      4⤵
      PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
      4⤵
      PID:216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
    3⤵
    PID:8548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14879.exe
    3⤵
    PID:11812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
    3⤵
    PID:5320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27842.exe
        6⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        9⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
        9⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        9⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47321.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
        8⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        8⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12448.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19994.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        7⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
        6⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        7⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
        7⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        7⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
        6⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
        7⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
        7⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        6⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        7⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29055.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        5⤵
        
        PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32760.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        6⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        8⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        7⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        7⤵
        
        PID:16724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
        6⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
        6⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        5⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        5⤵
        
        PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        5⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        5⤵
        
        PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19615.exe
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
      4⤵
      PID:11092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        5⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        7⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        7⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        7⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
        7⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        6⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
        6⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        6⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
        6⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        5⤵
        
        PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
      4⤵
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        8⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16879.exe
        8⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        8⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        7⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        7⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
        6⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        6⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
        6⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        6⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
        5⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        5⤵
        
        PID:12652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44351.exe
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
      4⤵
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
      4⤵
      PID:11016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
      4⤵
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
        6⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1207.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
        5⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
      4⤵
      PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        5⤵
        
        PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
      4⤵
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
      4⤵
      PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
      4⤵
      PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
      4⤵
      PID:10220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
    3⤵
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
        5⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        5⤵
        
        PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
      4⤵
      PID:13532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
    3⤵
    PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
      4⤵
      PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3393.exe
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2979.exe
        5⤵
        
        PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
      4⤵
      PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
      4⤵
      PID:17224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
      4⤵
      PID:10704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
    3⤵
    PID:8300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
    3⤵
    PID:12424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
    3⤵
    PID:8528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        8⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        8⤵
        
        PID:17496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        7⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        7⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        6⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        7⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        6⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
        6⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        6⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        5⤵
        
        PID:13788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
      4⤵
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        7⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        6⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        6⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53367.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13428.exe
        6⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        5⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        5⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        5⤵
        
        PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12319.exe
      4⤵
      PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
      4⤵
      PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
      4⤵
      PID:17420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        6⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
        7⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        6⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
        6⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        5⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        5⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        5⤵
        
        PID:13692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
        5⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        5⤵
        
        PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
      4⤵
      PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
    3⤵
    - Executes dropped EXE
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        6⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19450.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
      4⤵
      PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        5⤵
        
        PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
      4⤵
      PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
      4⤵
      PID:15532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
      4⤵
      PID:10340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
    3⤵
    PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11560.exe
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
      4⤵
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
      4⤵
      PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10843.exe
      4⤵
      PID:17816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
    3⤵
    PID:8244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19344.exe
    3⤵
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
    3⤵
    PID:17596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
      4⤵
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36498.exe
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        7⤵
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        6⤵
        
        PID:17804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        5⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
      4⤵
      PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53936.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
      4⤵
      PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        5⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
        6⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        5⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        5⤵
        
        PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
      4⤵
      PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
        5⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        5⤵
        
        PID:228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
      4⤵
      PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
      4⤵
      PID:14256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
    3⤵
    PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
      4⤵
      PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57041.exe
      4⤵
      PID:13040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55207.exe
      4⤵
      PID:1160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
    3⤵
    PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
      4⤵
      PID:15516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
    3⤵
    PID:12540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe
    3⤵
    PID:180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
    3⤵
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        6⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
        6⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        5⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
        5⤵
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        5⤵
        
        PID:13124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
      4⤵
      PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50466.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49151.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
      4⤵
      PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
      4⤵
      PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
      4⤵
      PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
      4⤵
      PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
      4⤵
      PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        5⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        5⤵
        
        PID:17432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
      4⤵
      PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
      4⤵
      PID:2372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
    3⤵
    PID:9076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
    3⤵
    PID:13096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
  2⤵
  PID:232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36690.exe
    3⤵
    PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        5⤵
        
        PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
      4⤵
      PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
      4⤵
      PID:14064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
    3⤵
    PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe
      4⤵
      PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
      4⤵
      PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-483.exe
      4⤵
      PID:7932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
    3⤵
    PID:10780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
    3⤵
    PID:13292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
  2⤵
  PID:5204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
    3⤵
    PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
      4⤵
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
    3⤵
    PID:12000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
    3⤵
    PID:6552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
    3⤵
    PID:12604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
  2⤵
  PID:9124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
  2⤵
  PID:12520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
  2⤵
  PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 8700 -ip 8700
1⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 8716 -ip 8716
1⤵
PID:15592

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe

Filesize
468KB

MD5
651e51d075b8bc31230f62ddd8a48190

SHA1
f2b6d5690ed8d4c65f985248d0bf14cc3e6a2d7b

SHA256
410b3e0063757d24416ec4be5ca908de5a86a81afba20a0f408318f932cd62a1

SHA512
aaac0e58dcd39688b927cbda15383f4ef6f22065873e4db75487ed4c1655e8c058fa2915ba8ea7ed54840019af099c8378c1cfc4981bf30d94a849449f7c210f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe

Filesize
468KB

MD5
9ce6dd91186168edf3c946034050565b

SHA1
bca0f67064df65773bbcd11f9be805069408bea8

SHA256
5335ec6d821e574a47258536c1eda02b418de982b83685a1c90eb08588e83d9f

SHA512
6005a1e46b7c72d053d5aa98beaee288288d71c902f668288c4e875847e0d35a2875f45c0d9f2948ebbf64a7da4925a87759323d0eaf954fb6c0da3d9f6b88ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe

Filesize
468KB

MD5
8a3fcd0e13ff8585498b805ac062da4f

SHA1
b121f6a1e41c59c7fc2fd2311e5de5d2de06ea8d

SHA256
3468aceeb0be635906dc7b1fd30bab627b6a6a831613813e7abd08fa84be5431

SHA512
c401f22d93586f5731eaa475f1236a2b53661b0bc39f77b0d3cfefd1b4b2ce01da795242e0d003a2f76cb165bd498f298ed86c8031b957b035f0b491c938d72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe

Filesize
468KB

MD5
fb106d52bc338792b72e76d2d927f2c4

SHA1
c8d17c406ea86a5e16e178e8bf95b8c114a0b1f5

SHA256
5558eab47cd1dc1c1ba30eaca66a8beb1deaa6af4dccd3fda8217f90a0489750

SHA512
d5b98cde5133da85b7eb950d71428b95c28f12ca4fe957a0652121e08c9d262e6e995ad5f5e3c19e9cbdef7bf8d3c5c8f2a2365dccd1290a08413724cf8112b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe

Filesize
468KB

MD5
18c43fb99742180e07eb3688a74bd79b

SHA1
80aac952c3802a582276f7d72d6ade7065dd5086

SHA256
ffde66029f19cb850728886e247d7f03b3f42650ff5a0cebbe0547898bbe2a66

SHA512
3e178c2db3da11849d78a389833f61430d7487d490e9b35831f234dc9289064f840910231223f55ea09fea6417f8ca4287d483f29d06ff622708952a9334416c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe

Filesize
468KB

MD5
e3d48912634be910c87974a83a8fe5b5

SHA1
29ce2ab99fd4bc2171a47e3afc529e9f8b93ca2e

SHA256
28d6a3be697afb01fa8863afc131ba59571fb967b8345d2a0d801344938b72cf

SHA512
91c2937b8400e8c39dc9f951ab18872fffc82523e7d5e881f1e764be88ed819cf1a37254f002fd392757417ff5a9abc0206fc1a1bee0f3383f0955729c1c3e59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe

Filesize
468KB

MD5
8875fc4d0c4812b91f6bb88e23f3a439

SHA1
a40995c872c3ac4943669d1261e7555ff25c1a98

SHA256
536f8b90634e6b2593f1e25887e75a4a798f22c4bc7da311373b816a236b93f2

SHA512
010166ae63d787cbca1a9ec1eddee6b51a2589a509f9242ebe09699db78de66fd9d27f84dd015bd3a76bfdb72734b4c6f37f062492a1aafe00c58468a969c028

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe

Filesize
468KB

MD5
c28600d66cc6dc87ac233ef79a05f106

SHA1
4aa85a1f0cfdcb8a5aa183e0f991a051c79530f9

SHA256
3a1d6cdc66122db77cb389a8781236467edcf7af3a2b937f602a8a1c743da742

SHA512
1e3db7fd0fd4a1241747462d316276fa9f41767129c09f442052399b134b4cd6230ee8a0486b4bf175eb9ba926f40481bb31eba8a2c2d88c0b015a2b936bbb71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe

Filesize
468KB

MD5
15b90e5b16d76d2ecc7da59214645057

SHA1
16b6213da81c1d55f141723652b449540a6f438d

SHA256
1e212a6a0e2cb60b86a8be14009be147d7580d1eb4fa6d68a8032c9d7ccd2e75

SHA512
d2408a9b54b7c3b257c954e0b2682f788823a9d3340aa655615331ced5ad0d54bc6bf249b644a0775cb8892d5c25174d32a7ea649f9b794966eeabe1e16c15f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe

Filesize
468KB

MD5
ec8141b2e65966fea4b89e706082af21

SHA1
3a3940f429b0a7d572901beef55504f6b73cf2ec

SHA256
b65e5eb80b0a8eff076b856db6cf71c9d5ccaf278346fd88c0ca93c6a10d1006

SHA512
e36ed0342cfd9bd1d93158c6ce5adf8860ebb12c2a06c4ef3744fab49899a1d2a6f48870829ec80ceef8179f77814ef082bd20578d40336f7d7cddf0783d4303

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe

Filesize
468KB

MD5
35bd7bf180040ac584bc3a51562533b1

SHA1
077f330ae3737ba80e47a8af649088d909b07757

SHA256
f78727fa635b94585728791c66a60fcee6ba19b59d9d00147e4f6156664ba2bb

SHA512
bad291380dc69564abcf188011cb1a719679d0b4e0cdcc8913c4145ff331f39037bf1200a4e88641396f202037c1689fc82ca188c51e0604bb04c76d6fab6f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe

Filesize
468KB

MD5
b4eb34164fdfd093aed0936e9420859e

SHA1
e9658cbf705c99e8572e1760f700bdfb36714cc1

SHA256
83ddc91df8ef0733af07c4b93cadece7104eedac193f031de917c21c6225a1db

SHA512
476ea9b14471b62462a6d9eaba6b4b3c69343bfc2812e24ac947d448be01fc0e2fc8e55f683778d796fdf47c385a3caacaf2d54016eb7fafbbeec501cc73b520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe

Filesize
468KB

MD5
39511f3dec777ebc8523e578c925b03f

SHA1
4d11036fb84acccbead194f5c92781fdc68fb2d7

SHA256
e9fcc6d1a883263fa7e3c333cb4f0dd847c0a9eadf9c9253870e7544a63e3e32

SHA512
d25c71ab9cc3cffb3db51a2636c9e21dbcce3c66fe20e33389ed81219c85865662982708afc36aca8acd7c68f8a95edf159cc5be2622c6a7979830d7f951fb4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe

Filesize
468KB

MD5
2dee7c0583459dfba34c83f568b2b6ef

SHA1
8a2b53958ef7a65fd9367315c06c397b4cd08c7f

SHA256
5566bf755bebeccedcd614811b8bc88dfd25978bfb6a0acf808d5d5346c3051d

SHA512
ab69ac2d0ebc43d340f41dd2fe8d9c2edea22abc17ccf280145a450cbcb8d1c669b914c54f4330441da743948388dee2858dc7fd0ef1dc72f8db8c77c159753c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe

Filesize
468KB

MD5
9ca38f11c65963c1866e06c5442e6eba

SHA1
bf7a627ffdd50a5722a7bbba97a7c3cfb8646114

SHA256
6ce27d7bde656245351516ce18e31f186d28681fb590366bf91c8c84e47c00b2

SHA512
93f35411a291c374344d621d2fc2dc954a958e15f182e99d1686cc6914d4263e237f30e310134f4118705423c1b73e4e03d21f72c79b147ab0189d3a73bab365

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe

Filesize
468KB

MD5
ca91f2a5556e23df317ec2b422ca85d6

SHA1
b9317fc03d5a7eb8ea67e065c6b0b9846dd58050

SHA256
e326e2995ef900aa52c45e6b986496d47e71639fcbb52c511c524a3d266600c8

SHA512
a7a68ebd851b6441b8901817f709d83867d2d7661b8d1252088b3fef4dbb21ab3cab1a237afe97a650587c0c56fb9ea5414f8c7e938e139ef086a3f0443a2424

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47037.exe

Filesize
468KB

MD5
666682198967a68ebcb7285072a60a19

SHA1
c1e0d857d64a02c219c59a46e7bb1e72275335d7

SHA256
a8afef835d9fdf71e6ce70731146cded567c109e070d7405ee85c2d67568843b

SHA512
c7dcb1fc28d059e43cc9c0b73a5e3537ccab5c5bc6fbf79a99aac0a9ec60df9919e909baf79cb91278470b9d6ce2801bad1229fc4a37aa52da372093afdf7252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe

Filesize
468KB

MD5
0291ee0359d27a5c203924d3aef75090

SHA1
7075c02e9e2f4cdc454d4707066b2cfe8ec1eb76

SHA256
cd9d1dd643ad9225d25ade867559f370c38da1e1474058c658abe2f1998bb176

SHA512
00205c76686739a2bb1a5ebcc739bb95c3140e02e41190c480c5046a53cdabfbf693226dad053802ac1c198a899a1b1cd65f7c6da1d3f8b256057bec541e03dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe

Filesize
468KB

MD5
9dd2e106f25b61b2d5ce681c95021b59

SHA1
3774daaa9c4ea15e65745eb3374094f9f89eaa66

SHA256
9f9f515149ba873058cdc6c911297ddb66b390ededf521daed094eeee5de5a73

SHA512
b19556bd7d0215318e4ca0997675b48a92ffa4f09cd19798eb907bf5088f94a8e7b3c060d6a5cd797cb7eba920eb7e65e84b4ed751807d4fc8b47ba9ded81197

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe

Filesize
468KB

MD5
478044a4c20ec4b4866871ab2550a4fc

SHA1
156a26d99b941cc19b215a9fcd3bcd1001fef463

SHA256
a4df4730a1604bc6b2f85cccfad5e5fb9d2b3e6ab095fc02dc043b45a96dea65

SHA512
a83b130830fa87370e994cf6e93d4597b6a5da0cf963dc0a9598ed1022764e733321006eea632bf47b0458097edc69f0bfe4313a644984b56a6206c5c15f1f02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe

Filesize
468KB

MD5
35bac03e40b45b5f902225837f55e97a

SHA1
78588c491eaa008dd91fa6f8bf02a7ef66c6ccd1

SHA256
1e7b702dbc5e7a0d0c41ad9571522efc95ad2467a7109c2a61a191d9a5a3148d

SHA512
6c8e6f977a2aa519ae157a87cbbca5f56df81c64ac86cb9aa8d2569fcd69cc6c782f7aa691f11b6ba78269f1229c1297f3a4245ebcfcbfaf4cdbe55435a4fe43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe

Filesize
468KB

MD5
35fb9c53417bc3206ef8d753b669ab48

SHA1
41968fe60165c39fc7249ade7581d79d22298cac

SHA256
8c612cd445eadb9e50eb18e279c8e2ab1bda6c7ce8bd3bf3cb2930cf88038ec8

SHA512
03a0ef5909e5e8d98d8e718bbe7fe51ffccf7f99b2b9df5ea8962a80102e8b898df487c76027244892849f75591a0e7ddf88ce0eb16d7249fba9ba385cc6fd37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe

Filesize
468KB

MD5
1fd904d987dcaa165f9b63aa1192de96

SHA1
74ea6192dabead75c38769637779ee230eb1c111

SHA256
673e4f7409c397722f3602dc8008d03e2ba29f2b381dc4ed1ee70c9c0b454654

SHA512
f26c67d551f6bf5c4c17079a12d388def18e820ee9e12e94ddb3053b58af3d1484ddb9ba06316b7c7d914584b49abfe4041a74d4ce5161626ef7605bc403a419

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe

Filesize
468KB

MD5
fcb24d0165869504aeeaa16c3748b2fb

SHA1
1a6c630a42eb85707cf95271858ed3e2bd6a0388

SHA256
20c3d5910b1ad8370964fe5f15daf7ddd42dc7c1964590be28e5827952bdb674

SHA512
813ed188f00753b60eff4c37450789a1ddcf4fbdd6c4b988fd636aa8d315fda4d600e5095938e6b3cb188ce2ad9a0c72c45c230a350c2f3e45f33ec075642f3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe

Filesize
468KB

MD5
ea0bf4e3b6fb379089150d1ebf74be74

SHA1
8ca32e18db943385fa777816e8e41723046aa611

SHA256
2c20cb2c1421de41e7dc131656ab9107df8d7f58b39d84884d667f135262eb6e

SHA512
b281d32e8e2f7e5eadb889985dbc1d44d1612e2ae40232125eddb2ffe99dee2db5ef0a153bbd6c4ccceb636326ade806bc1947a7ab0060486e4a2b12153e74be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe

Filesize
468KB

MD5
3ea37d2b68d09da56193e2afc7b3582f

SHA1
dd40be14afc2418df8badc4a22d805f7bf33ed9f

SHA256
bea9712edd11222dafc0d175468ce555dcd3d4d940e8bf47c10c8e65da11b095

SHA512
85e18841dad63c55a1d1524d513064f001f9aa55dff85b956cb7c8440de0217612136e2a63233357b5adf66539761c5d88592378ccdad8613b08f16f2e5d7692

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe

Filesize
468KB

MD5
9b7191448b7733e91662a9d3339ac67b

SHA1
f18fa8f74aa40ab7f48c602d06246ed32c2918b2

SHA256
cc3faa71bf86b24b6996e3d0aaeb39fb20eb6f28348ea965d77df208d1dbdd40

SHA512
74f6af4c4c631b0c1cff76b8f9fd16484de3e6e6e3e68bfb4788c5adc56be633043ee8edcda5040aec801a346c0ac49a9cca4b9a915493af2441bfb1160e41d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe

Filesize
468KB

MD5
5c39ae441ff8479d77043692720905f9

SHA1
050fcedadf2b06299bc149a892c0800b95991007

SHA256
58d923c2afc7dd265faf03bbbb4c488e2aec791b171905cf49267ed134f6831e

SHA512
69117b5539b8502f02961a774d8c38c7609b8c9a002b2208b9f25427acdc9df2cfaa8f6b6a53fba41bf10694b95ce1f281d82ae493949e108e23e5921162466b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe

Filesize
468KB

MD5
65be5c54e650002d041a82bf4d437326

SHA1
4c8d167df5cfd9fc0271dff75ad6220ec70aed84

SHA256
eaa162b0bcc8c38ee10519876f480ca70c90ffa6b7ba570068ab30d34910effc

SHA512
2fd4874649bde083de18ab759bbef17f15335c97624959a18b3dac23edd4db5faa99a04e76a79f0f7e486e948b43dbc5dde5b65edcaf570153bf0b56d2cada23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe

Filesize
468KB

MD5
9143306b50312962949eb935c6177557

SHA1
211478a126778908e925257637cbc03a917a478b

SHA256
c9256587e8f801278f6bac91b9d7ff1574a0e8f06affba95276492be69a56724

SHA512
5af1f0ea27ade7d1dae1e9bc54501a6dd8af7a85afa95265ab69e0815451f22b64aa4ba8253e92e9e36539a85cddadb632ff2709328365e10fb5325df85b0096

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe

Filesize
468KB

MD5
9b51d17630f536cebbe98e4b7d95cadc

SHA1
f0529fd7687cd2ac322471382e61750af7f78175

SHA256
e717c2df349d63cbaab7dc9381e801293929af212c515950d296e3dfd0fd2477

SHA512
72893989c18eb2a6935f2463a31ea077b9ec867030fcb9c09119247125645c31c7bc69a3a219753bf2223e42e53dbc0b6bdf0f74eacbc4eb6f09f9879dd8503d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads